The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
KX - Rename Config File Details »» | |||||||||||||||||||||||||||
This modification was brought to you by KXDesign http://www.kxdesign.com/ ~Modification name Rename Config File ~Modification description This modification allows you to rename or move the config.php file.This is to protect your sensible information and increase the security of your vBulletin board. The majority of boards get hacked because a hacker uploads a malicious script to get hold of the config.php content.But if you move or rename it,there is no chance that they find out the location of it. Tips & Tricks: vBSEO - https://vborg.vbsupport.ru/showpost....1&postcount=24 Fool Hackers - https://vborg.vbsupport.ru/showpost....8&postcount=23 ~Modification options None ~Modification info File uploads: 0 File edits: 1 Templates: 0 Template edits: 0 Plugins: 0 SQL Queries: 0 Phrases: 0 Settings: 0 Hooks: 0 Install time: 1 minute Install level: Light ~Modification installation Step 1: Open includes/class_core.php and find: Code:
include(CWD . '/includes/config.php'); if (sizeof($config) == 0) { if (file_exists(CWD. '/includes/config.php')) { // config.php exists, but does not define $config die('<br /><br /><strong>Configuration</strong>: includes/config.php exists, but is not in the 3.6+ format. Please convert your config file via the new config.php.new.'); } else { die('<br /><br /><strong>Configuration</strong>: includes/config.php does not exist. Please fill out the data in config.php.new and rename it to config.php'); } } Code:
include(CWD . 'XXXXX'); if (sizeof($config) == 0) { if (file_exists(CWD. 'XXXXX')) { // config.php exists, but does not define $config die('<br /><br /><strong>Configuration</strong>: includes/config.php exists, but is not in the 3.6+ format. Please convert your config file via the new config.php.new.'); } else { die('<br /><br /><strong>Configuration</strong>: includes/config.php does not exist. Please fill out the data in config.php.new and rename it to config.php'); } } admincp/mynewconfig.php or includes/configuration.php . ~Modification screenshots None ~Modification changelog
~Modification copyright This may not be distributed,released or claimed as your work without author's permission. Download Now
Show Your Support
|
Благодарность от: | ||
RyanFabbro |
Comments |
#22
|
||||
|
||||
Yes there is a 3.7 version as well.
|
#23
|
|||
|
|||
This is excellent, however, it would not find the wording exactly, so, I hope this really works the way I had to do it. I only changed the path, and moved the file. The board works, so I hope this accomplished what we're trying to do here...
Thanks! :up: |
#24
|
||||
|
||||
why not keep a fake copy of config.php with this mod, in the original folder to fool hackers?
|
#25
|
|||
|
|||
ye, cuz ur out of your forums folder! the folder has to be in your forums folder!
if sumone is using vbseo, uve to change the config path in config_vbseo.php too! search Code:
define('VBSEO_VB_CONFIG', 'config.php'); Code:
define('VBSEO_VB_CONFIG', '../folder/newconfig.php'); |
#26
|
||||
|
||||
Quote:
Quote:
|
#27
|
||||
|
||||
That works great on my 3.7.5, except with the Mod "IbProArcade". There it gives me a Database error because it still tries to include the original Filename of the config.php.
|
#28
|
||||
|
||||
Is there a problem with IPBProArcade Ziki?
Thanks, Curt |
#29
|
||||
|
||||
I don't know I didn't test it.
|
#30
|
|||
|
|||
This seems a bit pointless, in my opinion. If a hacker was determined enough (and as this addon becomes used more and more), then I don't see much of a point. They'll just know to check the core file. Your best bet was to keep this to yourself, if your goal was security. Sharing this sort of threw it out of the "Secure" category.
Also, as long as your MySQL server only allows access to your server (and not everyone), (cPanel servers are often configured this way, and you can add exceptions in the cPanel) then even if that have that information, it does them no good. Also, proper website/server security would make it really difficult for a hacker to upload a file to your server, and even if they did, why bother with this as they probably have full access anyway? Just my opinion. Take it with a grain of salt |
#31
|
|||
|
|||
Thanks
|
Thread Tools | |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|