Go Back   vb.org Archive > Community Discussions > Forum and Server Management
Reload this Page HACKED - Make sure you are secure
FAQ Members List Calendar Search Today's Posts Mark Forums Read
  #1  
Old 09-26-2009, 12:58 PM
Angel-Wings's Avatar
Angel-Wings Angel-Wings is offline
 
Join Date: Sep 2007
Posts: 206
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by knucklenitz View Post
Just to make sure I understand, moving the config.php to another directory out of the public html will not affect vb operation?
This won't increase security at all for the simple fact your VB still needs to be able to read that file. So you may move it around on the filesystem, still find a way on how VB can read this file, either by symlinking or something else.
If that is done, every "hacker" will be able to read that file as well.

Better spend your time keeping your VB & Plugins up-to-date and use things like mod_security / suhosin and the typical setups like chroot / jail. That's more time consuming but no "security by obscurity" when moving some files just to have a work-around that VB can read them.

And make sure your VB files aren't writeable by PHP itself, if you store uploads in the filesystem, move that directory outside the webroot and additionally some directories like images / signaturepics - don't need PHP because there just images are stored.

Something simple like:

Quote:
<Directory /where_ever_your_vb_is_stored/(clientscript|cpstyles|customavatars...)>
php_flag_engine Off
</Directory>

<Files "/where_ever_your_vb_is_stored/includes/config.php">
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Files>
Then moving the "uploads" directory outside the webroot that it can't be accessed directly.
Finally - mod_security & suhosin should be used. First starting them both in logging mode to collect a whitelist, highly depends on how your forum is used, and once that whitelist is completed to sort out false-positives set both in blocking mode.

And - as last addition - you can setup an IDS system that creates checksum of your VB files and alerts you if there're any changes.

Yes - I can do this It won't even cost much
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Hybrid Mode Hybrid Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 08:03 AM.

Contact Us - Archive - Top

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.03801 seconds
  • Memory Usage 2,211KB
  • Queries Executed 12 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (2)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)post_thanks_box
  • (1)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit_info
  • (1)postbit
  • (1)postbit_onlinestatus
  • (1)postbit_wrapper
  • (1)showthread_list
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 
Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_threadedmode.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids_threaded
  • showthread_threaded_construct_link
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete