No announcement yet.

Trying to Protect Vbulletin

  • Filter
  • Time
  • Show
Clear All
new posts

  • Trying to Protect Vbulletin

    With so many people getting hacked I am trying to protect my sites as much as possible.

    I renamed my Admincp and Modcp directories and then made the following changes to includes/config.php by following the following steps:

    So now I want to hide my admincp and modcp behind .htaccess and .htpasswd. I would like to know what folder to put .htpasswd in? I am following these steps located here: Tobacco Forum

  • #2
    .htpasswd can be put in any folders that can be read by Apache. I usually place outside of www directory. e.g.

    Your www looks like: /home/yourdomain/www
    You can place it in /home/yourdomain/password/


    • #3
      You should put a .htaccess file inside your includes folder ie the same place as your config.php with a deny all order.

      order deny,allow
      deny from all

      Do the same for packages and vb. As for admincp and modcp you can't deny all as you and your mods need in so if you have a fixed ip address put this in.

      order deny,allow
      deny from all
      # alow the admin
      allow from xx.xx.xx.xx (your ip)

      If you do not have a fixed ip address then that won't work and you will need to use a password as described above, this is second best.

      Ps. the above saved me from this hack nightmare ie a rouge admin registered but he could not access my admincp because it was protected with the above .htaccess file.
      Last edited by donald1234; Tue 1st Oct '13, 3:52am.


      Related Topics