Go Back   vb.org Archive > vBulletin Article Depository > Read An Article > vBulletin 3 Articles

Reply
 
Thread Tools
Ultimate Guide to securing your Forums
veenuisthebest's Avatar
veenuisthebest
Join Date: Mar 2008
Posts: 1,416

100% BCA, 33.33% CA

India
Show Printable Version Email this Page Subscription
veenuisthebest veenuisthebest is offline 10-17-2008, 10:00 PM

Securing your forums from Hackers:-

1. Always Keep your vbulletin updated to the latest version taking special care of security fixes.

2. Use the Rename admincp directory feature in config.php

3. Keep your following directories .htaccess protected. Most users can do this via Password Protect Directories option in cPanel.

admincp/
modcp/
includes/
install/

Even vbulletin.com has protected the above directories.

4. Edit your config.php to make yourself an undeletable user.

5. Keep your vbulletin superadmin, FTP/SFTP and .htaccess username/password distinct and unique. You can use the Random Password Generation feature in cPanel or let sites like http://www.goodpassword.com/ generate them for you.

6. Make sure you have your vbulletin PHP files chmod 0644 and NEVER 0777.

7. Keep your forum as much clean as you can. Stay away from mods that you think won't benefit your community much. The lesser the mods, the more secure you are.

8. After uninstalling mods/hacks from vborg, do not forget to Remove the files that you uploaded with the hack.

9.Never allow HTML in posts, PM's and sigs.

10. You should NEVER upload the contents of do_not_upload folder like tools.php from the downloaded vb zip on your server. If ever you need to upload them, delete them immediately after use.

11. Never save a backup of your database under public_html as that would make your database downloadable to the world.

12. Keep your PC periodically tested against viruses, malwares and trojans.

13. For official vb staff's always updated tips and tricks to make your forums more and more secure, visit this thread.
http://www.vbulletin.com/forum/showthread.php?t=194701


Securing your forums from Spammers:-

I think this thread by the official vb staff will be enough for taking care of our spam problems.
http://www.vbulletin.com/forum/showthread.php?t=275800

Some points to highlight:-


1. Use Recaptcha and Add an Extra question to the Registration to prevent bot registrations.

2. There's no harm in getting an Akismet Personal Key and enabling the option in admincp->vbulletin options->Spam Management. You may set the Spam Scanning Post Threshold to 2 or 3.

3. List of email domains to Ban

4. You can ban usernames containing words like sale, offer etc. in User Registration Options->Illegal Usernames

5. I would largely recommend this mod from Andy Huang (vb staff) that Detects Spam based on Keywords Weight. It works perfect on my latest 3.7.3.PL1 board and believe it or not, I could see the human spammer (from who's online ofcourse) getting an error message while creating a thread and leaving the board frustrated.

Hope you find it useful, will keep it updated.

Source: http://tech6.com/f51/ultimate-guide-...r-forums-t319/

P.S.: Please do not copy this guide.
Reply With Quote
  #2  
Old 10-19-2008, 09:31 PM
Alex LD Alex LD is offline
 
Join Date: Aug 2008
Location: Iowa
Posts: 68
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Great tutorial.

Also keep in mind to help make staff change their passwords to prevent a hacker from cracking the hash if he does get his hands on it. It is also a good Idea to password protect the ModCP and AdminCP Directory once You've renamed them just for safety. This can be done in your hosting control panel. Like cPanel, Plesk, DirectAdmin etc...

~ Alex
Reply With Quote
  #3  
Old 10-26-2008, 03:59 PM
raznaran raznaran is offline
 
Join Date: Oct 2008
Posts: 31
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Handled
Reply With Quote
  #4  
Old 04-11-2009, 10:42 PM
creative-friend creative-friend is offline
 
Join Date: Feb 2009
Posts: 340
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

3. Keep your following directories .htaccess protected. Most users can do this via Password Protect Directories option in cPanel.

admincp/
modcp/
includes/
install/

Can You Explain This Please....
Reply With Quote
  #5  
Old 04-12-2009, 02:39 AM
veenuisthebest's Avatar
veenuisthebest veenuisthebest is offline
 
Join Date: Mar 2008
Location: India
Posts: 1,416
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by creative-friend View Post
3. Keep your following directories .htaccess protected. Most users can do this via Password Protect Directories option in cPanel.

admincp/
modcp/
includes/
install/

Can You Explain This Please....
umm.. its pretty much self explanatory i guess.

As said, go to cpanel -> Password Protect Directories -> and simply protect those 4 directories.

Provide a secure username/pass, NOT the same as your admincp/ftp etc.
Reply With Quote
  #6  
Old 04-17-2009, 11:17 AM
creative-friend creative-friend is offline
 
Join Date: Feb 2009
Posts: 340
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

ohh okay
thanks.

--------------- Added [DATE]1239970774[/DATE] at [TIME]1239970774[/TIME] ---------------

sorry for asking you again but how shall i put password on that??
im not really sure...
Reply With Quote
  #7  
Old 07-13-2009, 10:20 AM
joyboy2001 joyboy2001 is offline
 
Join Date: Nov 2008
Location: New Delhi, India
Posts: 67
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

great guide ... thanks ...
Reply With Quote
  #8  
Old 08-16-2009, 06:54 AM
bluej bluej is offline
 
Join Date: Jan 2007
Location: U.S.A.
Posts: 92
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by veenuisthebest View Post
umm.. its pretty much self explanatory i guess.

As said, go to cpanel -> Password Protect Directories -> and simply protect those 4 directories.

Provide a secure username/pass, NOT the same as your admincp/ftp etc.
could someone explain this a little better for us that are newer at this but would like to do what we can to secure our sites...

what cpanel is he talking about? in vbulletin? at the database?

thanks so much
Reply With Quote
  #9  
Old 08-18-2009, 07:00 AM
veenuisthebest's Avatar
veenuisthebest veenuisthebest is offline
 
Join Date: Mar 2008
Location: India
Posts: 1,416
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

There is just one cpanel. Its the site administration control panel at the server level. If you don't know about it, you probably haven't used it. You'll need to contact your host about this.
Reply With Quote
  #10  
Old 09-07-2009, 01:46 AM
bluej bluej is offline
 
Join Date: Jan 2007
Location: U.S.A.
Posts: 92
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by veenuisthebest View Post
There is just one cpanel. Its the site administration control panel at the server level. If you don't know about it, you probably haven't used it. You'll need to contact your host about this.
contacted my host about this and they said that since i am on shared hosting that it was a file that i would have to create myself ...

how do i create the .htaccess file and where do i put it? in each of the folders you listed?

also on #11 (11. Never save a backup of your database under public_html as that would make your database downloadable to the world.) how do i know whether or not my backup is under public_html?


sorry for being so new at this, still learning...thanks for your help
Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 12:57 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.06619 seconds
  • Memory Usage 2,293KB
  • Queries Executed 23 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (3)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_article
  • (1)navbar
  • (4)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (2)pagenav_pagelink
  • (10)post_thanks_box
  • (2)post_thanks_box_bit
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit
  • (10)post_thanks_postbit_info
  • (9)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete