The Arcive of Official vBulletin Modifications Site.

Sajeth · #11 05-10-2010, 11:53 AM

Quote:

Originally Posted by desitracker

Add 256 Bit Protection From Your Hosting Services..
It's A Payment Service...u Will Pay About 70 Dollars Per Year..

Note That Then Ur 100% Protected

Thats All
Then U Can Install All What U Want..

Thats one of the most useless posts I've ever seen in this forum - SSL doesn't protect you from Exploits, leaked Passwords or human stupidity.

Speysider · #12 05-10-2010, 04:14 PM

Quote:

Originally Posted by desitracker

Add 256 Bit Protection From Your Hosting Services...

Please do NOT spread such false information here. How the hell is adding 256-Bit protection going to stop hackers??

Please think before posting if you actually know what you are talking about.

Naan-Kadavul · #13 07-08-2010, 10:28 AM

Too much modifications..check with that.

Skydiver10 · #14 07-12-2010, 09:04 PM

You can have as many mods as you want! I have over 25 mods on my forum!

But, to protect your files and database from this pest, all you need to create a .htacces file and a .htpasswd in the "ADMIN directory on your server! This will create another password for anyone to access the entire directory. Do the same for your "INCLUDES" directory and "INSTALL" directory. I had the same problem you did and this completely closes all back doors and prevents anyone accessing your shit!

Make sure you use a different username and password than the ones you use to access the admin control panel via the forums. Also encrypt the password with the link below.

Instruction are here:
http://www.phpfusion-mods.net/articl...?article_id=23

Password generator here:
http://www.htaccesstools.com/htpasswd-generator/

It will take some time for you to create these files and make them work properly by using the full path - AuthUserFile /full/path/to/.htpasswd

Once you get it all working correctly a window pops up asking you to enter the username and password when accessing these directories. No one will be able to do any changes accept for you and who ever has the htaccess username and password.

Good luck!

BirdOPrey5 · #15 07-12-2010, 09:57 PM

If you password protect your includes directory won't that stop everyone from being able to view the site? Many functions make calls to the includes directory, no?

Skydiver10 · #16 07-12-2010, 11:23 PM

Nope, have been doing it since last year, no problem. Includes folder is mostly admin functions. Also this site vb.org and VB's other site do the same!

Brandon_R · #17 07-12-2010, 11:58 PM

It stops HTTP access from viewing the directory, not PHP from including the files and running them.

Skydiver10 · #18 07-13-2010, 12:03 AM

That sounds correct.....

BirdOPrey5 · #19 07-13-2010, 12:59 AM

Quote:

Originally Posted by Brandon_R

It stops HTTP access from viewing the directory, not PHP from including the files and running them.

Well that doesn't sound like it would do much to stop hackers then- if they can't browse the directory due to the presence of an index file or server config how would adding a password to the includes directory help if files can still be accessed via php?

Skydiver10 · #20 07-13-2010, 01:14 AM

Do some research on .htaccess files, does in fact stop anyone from writing, accessing, etc., that is not authorized through htaccess files. No way to get to the directories that have these files, not even the spiders or crawlers because they are completely protected from htaccess... period. Unless someone has your server or FTP client password and can bypass them by deleting them or altering them. Other than that it is almost impossible since the htacces file catches them with a password requirement while surfing to those directories.

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.04137 seconds Memory Usage 2,259KB Queries Executed 13 (?)
More Information
Template Usage: (1)SHOWTHREAD (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)ad_showthread_beforeqr (1)ad_showthread_firstpost (1)ad_showthread_firstpost_sig (1)ad_showthread_firstpost_start (3)bbcode_quote (1)footer (1)forumjump (1)forumrules (1)gobutton (1)header (1)headinclude (1)navbar (3)navbar_link (120)option (1)pagenav (1)pagenav_curpage (1)pagenav_pagelink (10)post_thanks_box (10)post_thanks_button (1)post_thanks_javascript (1)post_thanks_navbar_search (10)post_thanks_postbit_info (10)postbit (10)postbit_onlinestatus (10)postbit_wrapper (1)spacer_close (1)spacer_open (1)tagbit_wrapper Phrase Groups Available: global inlinemod postbit posting reputationlevel showthread	Included Files: ./showthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/functions_bigthree.php ./includes/class_postbit.php ./includes/class_bbcode.php ./includes/functions_reputation.php ./includes/functions_post_thanks.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_postinfo_query fetch_postinfo fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete showthread_start showthread_getinfo forumjump showthread_post_start showthread_query_postids showthread_query bbcode_fetch_tags bbcode_create showthread_postbit_create postbit_factory postbit_display_start post_thanks_function_post_thanks_off_start post_thanks_function_post_thanks_off_end post_thanks_function_fetch_thanks_start post_thanks_function_fetch_thanks_end post_thanks_function_thanked_already_start post_thanks_function_thanked_already_end fetch_musername postbit_imicons bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete postbit_display_complete post_thanks_function_can_thank_this_post_start pagenav_page pagenav_complete tag_fetchbit_complete forumrules navbits navbits_complete showthread_complete
Messages:

The Arcive of Official vBulletin Modifications Site.

It is not a VB3 engine, just a parsed copy!