Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 General Discussions
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 02-08-2014, 01:02 PM
zyadalseef zyadalseef is offline
 
Join Date: Jan 2008
Posts: 2
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default changing directory for (config.php) Please help me

Hello,
My site was hacked before 3 days ago but I restore now.
Well, there are some security solutions, including changing directory for (config.php), So I rename (config.php) and put it in new folder under vb

directory.
After that I update some files with new name and directory for (config.php) in the following folder :
admincp
includes
install

Now the forum work fine but there is a problem in Product Vbseo show in the header ( See attached picture link ):
http://www.banimalk.net/vbseo.jpg

PHP Code:
Warning: include_once() [function.include-once]: Unable to access /home/banimalk/public_html/vb/vbseo/../includes/config.php in/home/banimalk/public_html/vb/vbseo.php on line 17

Warning
: include_once(/home/banimalk/public_html/vb/vbseo/../includes/config.php) [function.include-once]: failed to open streamNo such file or directory in/home/banimalk/public_html/vb/vbseo.php on line 17

Warning
: include_once() [function.include]: Failed opening '/home/banimalk/public_html/vb/vbseo/../includes/config.php' for inclusion (include_path='.:/usr/lib/php'in/home/banimalk/public_html/vb/vbseo.php on line 17 
Product Vbseo needs to reading and identify the new directory and new name for config.php , I have tried to update some files of Product Vbseo but failed .

Please help me ?

Version Forum ( 3.8.7 Patch Level 3)
Version vBSEO (3.6.0 RC 2 )

Thank you
Reply With Quote
  #2  
Old 02-12-2014, 11:45 AM
ShawneyJ's Avatar
ShawneyJ ShawneyJ is offline
 
Join Date: Jul 2006
Location: Australia
Posts: 1,758
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

mate, i dont know why you would be still running VBSEO. 100's if not more have removed it from their forums. not only is it a dead product, but you most likely will not get any support for VBSEO here at vb org. lets say you do everything under the sun to make your forum secure...whats stopping hackers from hacking your VBSEO 3.6.0 RC 2? which has exploits. maybe thats the point of ya post, but VBSEO are dead a berried and im pretty sure no one will support it here, but you never know. good luck.
Reply With Quote
2 благодарности(ей) от:
RichieBoy67, TheLastSuperman
  #3  
Old 02-12-2014, 01:36 PM
Zachery's Avatar
Zachery Zachery is offline
 
Join Date: Jul 2002
Location: Ontario, Canada
Posts: 11,440
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

moving your config file is pretty pointless. You have to change the include(s) for it, which means you are still pointing right at that file.
Reply With Quote
Благодарность от:
RichieBoy67
  #4  
Old 02-12-2014, 04:56 PM
TheLastSuperman's Avatar
TheLastSuperman TheLastSuperman is offline
Senior Member
 
Join Date: Sep 2008
Location: North Carolina
Posts: 5,844
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Zachery View Post
moving your config file is pretty pointless. You have to change the include(s) for it, which means you are still pointing right at that file.
I dunno... this security through obfuscation is pointless makes sense if you're you or me (now keep reading lol) but what about a technician from crowdgather after buying a client of mines forum who had to call me to ask why the details in the config file were wrong and how was it still able to connect? It sure fooled him (who was experienced in vBulletin and various other forums including relocating them etc) so I guess it depends on the level of intelligence of the person trying to gain entry to your site i.e. if a script-kiddie then they won't know where to look so in essence security through obfuscation does work in a sense. Anything you can do to "throw off" someone trying to get into your site will help, you can't argue that.

Also OP as ShawneyJ mentioned remove vBSEO, your just a hacked site waiting to happen imo if you continue to run it.

Edit: Also look for the reference to config.php in /includes/class_core.php and change it there too, that is probably where you missed changing the filename and why it is not working.
Reply With Quote
2 благодарности(ей) от:
RichieBoy67, ShawneyJ
  #5  
Old 02-12-2014, 05:31 PM
RichieBoy67's Avatar
RichieBoy67 RichieBoy67 is offline
 
Join Date: Apr 2004
Location: CT - Down in a hole..
Posts: 3,057
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

No need to change the name of config directory. just protect it using htaccess.

Also, Vbseo removal is a nightmare for many forums depending on your urls but I agree removal is the best thing to do. I believe it will not be long for Google to actually prove Vbseo type scripts as bad for search indexing. It seems like weekly they are adding new restrictions. The latest thing is to target and penalize sites that have too many advertisements. It is only a matter of time before seo friendly type urls are completely ignored in my opinion.

Also, if you are using an older version of Vbseo you better find out how to secure it because it has a vulnerability that is easy exploited.
Reply With Quote
Благодарность от:
ShawneyJ
  #6  
Old 02-14-2014, 07:01 AM
zaqy zaqy is offline
 
Join Date: Feb 2014
Posts: 1
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

if you feel your forum has been hacked , just make sure you remove your install folder . that is enough .

make sure you change your admincp and modcp too
Reply With Quote
  #7  
Old 02-14-2014, 10:33 AM
ozzy47's Avatar
ozzy47 ozzy47 is offline
 
Join Date: Jul 2009
Location: USA
Posts: 10,929
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by zaqy View Post
if you feel your forum has been hacked , just make sure you remove your install folder . that is enough .

make sure you change your admincp and modcp too
There is much more to secure your website than that, what you have stated is not "enough" in it's self.
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 09:40 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.06587 seconds
  • Memory Usage 2,243KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)bbcode_php
  • (2)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (7)post_thanks_box
  • (6)post_thanks_box_bit
  • (7)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (4)post_thanks_postbit
  • (7)post_thanks_postbit_info
  • (7)postbit
  • (7)postbit_onlinestatus
  • (7)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete