Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 General Discussions
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #11  
Old 05-10-2010, 11:53 AM
Sajeth Sajeth is offline
 
Join Date: Feb 2008
Posts: 13
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by desitracker View Post
Add 256 Bit Protection From Your Hosting Services..
It's A Payment Service...u Will Pay About 70 Dollars Per Year..

Note That Then Ur 100% Protected
Thats All
Then U Can Install All What U Want..
Thats one of the most useless posts I've ever seen in this forum - SSL doesn't protect you from Exploits, leaked Passwords or human stupidity.
Reply With Quote
  #12  
Old 05-10-2010, 04:14 PM
Speysider's Avatar
Speysider Speysider is offline
 
Join Date: Apr 2009
Posts: 1,029
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by desitracker View Post
Add 256 Bit Protection From Your Hosting Services...
Please do NOT spread such false information here. How the hell is adding 256-Bit protection going to stop hackers??

Please think before posting if you actually know what you are talking about.
Reply With Quote
  #13  
Old 07-08-2010, 10:28 AM
Naan-Kadavul's Avatar
Naan-Kadavul Naan-Kadavul is offline
 
Join Date: Sep 2009
Location: Singpore
Posts: 249
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Too much modifications..check with that.
Reply With Quote
  #14  
Old 07-12-2010, 09:04 PM
Skydiver10's Avatar
Skydiver10 Skydiver10 is offline
 
Join Date: Sep 2009
Location: SoCal
Posts: 98
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

You can have as many mods as you want! I have over 25 mods on my forum!

But, to protect your files and database from this pest, all you need to create a .htacces file and a .htpasswd in the "ADMIN directory on your server! This will create another password for anyone to access the entire directory. Do the same for your "INCLUDES" directory and "INSTALL" directory. I had the same problem you did and this completely closes all back doors and prevents anyone accessing your shit!

Make sure you use a different username and password than the ones you use to access the admin control panel via the forums. Also encrypt the password with the link below.

Instruction are here:
http://www.phpfusion-mods.net/articl...?article_id=23

Password generator here:
http://www.htaccesstools.com/htpasswd-generator/

It will take some time for you to create these files and make them work properly by using the full path - AuthUserFile /full/path/to/.htpasswd

Once you get it all working correctly a window pops up asking you to enter the username and password when accessing these directories. No one will be able to do any changes accept for you and who ever has the htaccess username and password.

Good luck!
Reply With Quote
  #15  
Old 07-12-2010, 09:57 PM
BirdOPrey5's Avatar
BirdOPrey5 BirdOPrey5 is offline
Senior Member
 
Join Date: Jun 2008
Location: New York
Posts: 10,610
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

If you password protect your includes directory won't that stop everyone from being able to view the site? Many functions make calls to the includes directory, no?
Reply With Quote
  #16  
Old 07-12-2010, 11:23 PM
Skydiver10's Avatar
Skydiver10 Skydiver10 is offline
 
Join Date: Sep 2009
Location: SoCal
Posts: 98
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Nope, have been doing it since last year, no problem. Includes folder is mostly admin functions. Also this site vb.org and VB's other site do the same!
Reply With Quote
  #17  
Old 07-12-2010, 11:58 PM
Brandon_R Brandon_R is offline
 
Join Date: Aug 2009
Posts: 63
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

It stops HTTP access from viewing the directory, not PHP from including the files and running them.
Reply With Quote
  #18  
Old 07-13-2010, 12:03 AM
Skydiver10's Avatar
Skydiver10 Skydiver10 is offline
 
Join Date: Sep 2009
Location: SoCal
Posts: 98
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

That sounds correct.....
Reply With Quote
  #19  
Old 07-13-2010, 12:59 AM
BirdOPrey5's Avatar
BirdOPrey5 BirdOPrey5 is offline
Senior Member
 
Join Date: Jun 2008
Location: New York
Posts: 10,610
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Brandon_R View Post
It stops HTTP access from viewing the directory, not PHP from including the files and running them.
Well that doesn't sound like it would do much to stop hackers then- if they can't browse the directory due to the presence of an index file or server config how would adding a password to the includes directory help if files can still be accessed via php?
Reply With Quote
  #20  
Old 07-13-2010, 01:14 AM
Skydiver10's Avatar
Skydiver10 Skydiver10 is offline
 
Join Date: Sep 2009
Location: SoCal
Posts: 98
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Do some research on .htaccess files, does in fact stop anyone from writing, accessing, etc., that is not authorized through htaccess files. No way to get to the directories that have these files, not even the spiders or crawlers because they are completely protected from htaccess... period. Unless someone has your server or FTP client password and can bypass them by deleting them or altering them. Other than that it is almost impossible since the htacces file catches them with a password requirement while surfing to those directories.
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 01:50 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.06133 seconds
  • Memory Usage 2,260KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (3)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete