The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#1
|
||||
|
||||
htpassword admincp
Ok Im attempting to create a .htpassword file to protect my admin cp. So I read some of those sites on .htpassword. Reason being Ive had some trolls and some very shady ip addresses viewing my forum so I want to protect my forum. My question is when I create the file how would I go about actually protecting the admin panel. Would it be like this code below? Is that all I need to protect is my admin panel?
Quote:
Then upload file to the admin directory? Thanks |
#2
|
|||
|
|||
there is no absolute reason why you would have to htpassword your admincp... trolls or not, if they don't have an admin account, they can't hit farther than the login page in the admincp...
|
#3
|
||||
|
||||
So what do you recomend. Ive read plenty of posts of people creating htpasswords files and uploading them to their forum to password protect files.
|
#4
|
||||
|
||||
Quote:
http://www.vbulletin.com/forum/admincp/ It's extremly important to protect your /admincp with htpasswd. DO NOT use an online tool generator (security warning) and update through FTP, just telnet into your server and run the commands there. Run this: (pwd will show you the /full/path/to/your/protected/folder path) su - cd /your/protected/folder pwd pico .htaccess In pico, paste this: Code:
AuthUserFile /full/path/to/your/protected/folder/.htpasswd AuthName restricted AuthType Basic <Limit GET> require valid-user </Limit> You will be prompted with the file name .htaccess at the bottom of your screen. Confirm the file is named correctly, and hit enter to save your file. You may now exit pico by hitting CTRL+X. To create a .htpasswd file and insert it's first user, run this: cd /your/protected/folder htpasswd ?c .htpasswd johnsmith You will be prompted to put in a password for johnsmith and then to confirm it. If you want to add another user, just run this: htpasswd .htpasswd newuser Pretty easy, ehh? I hope you dont run Apache with php-fcgi, because that's another story... |
#5
|
|||
|
|||
And what if there is a new vulnerability found (vB or a modification) that makes the ACP vulnerable?
|
#6
|
||||
|
||||
Thanks Marco.
|
#7
|
||||
|
||||
They're just assuming that you'll use bad passwords. I guess it's better to be safe than sorry, though.
|
#8
|
||||
|
||||
Thanks for the posts guys!
Quote:
I dont know I have my site hosted at hostgator. I have to check to see exactly what server they are using. |
#9
|
|||
|
|||
I think you can do this in your host cpanel called
"Protected Password Directory" and you just select the admincp folder directory. |
#10
|
||||
|
||||
What if you don't want to use software like cPanel?
This is the worst software you can put on your server... they compile PHP into their RPM so you are forced to use their version. Not to mention the bulky code and the 1500$ price tag. Crazy. |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|