Go Back   vb.org Archive > vBulletin 4 Discussion > vB4 Programming Discussions
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 01-10-2014, 10:52 PM
TheAllusionist TheAllusionist is offline
 
Join Date: Apr 2005
Posts: 101
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Security Through Limiting Apache Access to PHP Question

I am trying to harden my servers security (co-location techs actually doing work, out of my league) as I got a new server installed fresh systems (Joomla and vBulletin sites) and imported databases and already got malicious code injected that sends out SPAM email, gets my server black listed and is hard to track down. I have been hacked so many times in over a dozen years and I am really fed up with it. One of the items that was suggested to me for Joomla involves limiting Apache access to Index.php files only:

"The only entry point to Joomla is index.php and administrator/index.php.
Older versions of Joomla also use index2.php.

They are the only PHP files that need to be served by Apache for Joomla.
All other PHP files are loaded by the PHP code, not by Apache. The PHP code is not affected by restrictions in the Apache configuration.

The technique may not be applicable to vBulletin, although it may be possible to make some restrictions."

My question is whether there are only a few files in vBulletin (forum.php for example) that need outside Apache access so that I could limit what files could be executed?

I spend a small fortune on free communities and really starting to regret doing it as I spend more time repairing damage than I do improving or participating at them. One of the sites is a free repository (over 100,000 registered users) and I have had it shut down for months do to the hacking and malicious code. That site doesn't have vBulletin, but my other big one does and it has been hit through vBulletin plenty in the past and I am just trying to figure out how to make it tougher to get in.

I believe my techs are good, but I think they are generalist and so I am trying to find info specific to vBulletin and Joomla. Thanks in advance for your time and have a great weekend!

Cheers!

Russell
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 12:43 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.06260 seconds
  • Memory Usage 2,151KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)post_thanks_box
  • (1)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit_info
  • (1)postbit
  • (1)postbit_onlinestatus
  • (1)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete