Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 General Discussions
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 04-12-2007, 01:14 AM
as7aab as7aab is offline
 
Join Date: Apr 2007
Posts: 25
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Security questions

I am a vBulletin forum owner, running on the 3.6.5 version..

I have read in many websites about some steps that you have to do
to protect your forum from getting hacked,
below are some of the mentioned steps:

1. Change the name of the "admincp" and "modcp" folders.

2. Give a username/password protection from the websites main cpanel
to the following folders "admincp - modcp - includes - install - archive"

3.Change the prefix in the config.php file to another new number/word.
example: $config['Misc']['cookieprefix'] = 'jydh23';

4. Bann the use of the following words in the forum from the forum cpanel:
"cook cooki cookie cookies COOK COOKI COOKIE COOKIES META meta SCRIPT script"

5. Change the content of the following files " showgroups.php - memberlist.php - online.php"
with the contents of the "index.php"

6. If possible do not display your forums version in the forums footer.

7. Disabling the forums archive.

My questions are:
  • Is it necessary for me to do these steps?
  • Will they really protect my forum from being hacked?
  • Is it possible that my forum gets hacked if i don't do them?
  • Is it possible that my forum gets hacked if i do them?
  • Some of the steps are clearly stupid like step 1, 4, 5, 7 while some others seem to be important like 2 and 3, what do vBulletin moderators think of them?
  • what's the best way to protect my forum?
Thank you,
Nizar Selander.
Reply With Quote
  #2  
Old 04-12-2007, 01:31 AM
UltimateOreo! UltimateOreo! is offline
 
Join Date: Nov 2006
Location: Missouri
Posts: 462
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Well, that would be correct, 2 and 3 seem like the only completely valid measures. Although, you probably only need to password protect the directory Admincp and ModCP. You should keep HTML code disabled. DO NOT ENABLE IT UNDER ANY CIRCUMSTANCE.
Also, logging into the admin and mod cp as little as possible helps as far as cross site scripting goes. In answer to your direct questions-
1- Vbulletin is fairly secure as it is, but it can't hurt.
2- In reality, even with them your forum COULD get hacked, but don't count on it.
3- Same concept as 2, but you still shouldn't have to worry about it too much.
4- Same as 2,3
5- Explained at the top of the post
6- Whatever you think nescassary, just watch out for DDOS, that is a hassle.
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 12:32 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.03533 seconds
  • Memory Usage 2,164KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (2)post_thanks_box
  • (2)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (2)post_thanks_postbit_info
  • (2)postbit
  • (2)postbit_onlinestatus
  • (2)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete