The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#1
|
|||
|
|||
Securing vBulletin Question
Looking into securing the vBulletin as much as possible and one of the things to do (recommended) was:
1.) Make sure the getadmin.php file is nowhere on the website. What does this mean, where to find it and what to do to secure this? Thanks for your knowledge |
#2
|
|||
|
|||
Bit of a vague recommendation but they tell you to make sure that no such file exists in the root of your website. For example if your site is example.com, it should not exist at example.com/getadmin.php.
|
#3
|
|||
|
|||
I typed in the front page and the actual forum as well and added /getadmin.php to both and came up with 404 errors. That seems like a good thing.
I didn't do any changes to the getadmin.php though so still not sure that aspect is secure. I will have to learn about this more. I'm assuming someone could somehow exploit this and take over the admin control of the forum? Thanks for your help. |
#4
|
|||
|
|||
Apparently "getadmin.php" is a script to set a specific username to the administrator usergroup. But I think it's very old since it does not exist in the latest vBulletin 3 installation files.
I don't think you have to worry about it. |
#5
|
|||
|
|||
Thanks for that information. I'm moving on to create passwords for directories.
|
#6
|
||||
|
||||
Only the admincp and modcp should be password protected not all of them.
|
Благодарность от: | ||
blind-eddie |
#7
|
|||
|
|||
Thanks for that. Will complete in that way.
|
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|