Announcement

Collapse
No announcement yet.

Protecting config.php

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • mackers8923
    replied
    That is exactly what I done to my board. Is putting an ht.access file within the admin directory enough or does Vbulletin members have any other recommendations on this?

    Leave a comment:


  • Roody
    replied
    Originally posted by jimnyc
    It's not that I'm overly worried, I just thought it was good security. Since it's a shared host, they say any files that aren't 600 can be read by others on the same server. I'll look into the .htaccess option. I've done that before, but never with a config file, only with generic pages.
    since the config.php file is in your admin directory just .htaccess the admin directory and you will be fine.

    Leave a comment:


  • Zachery
    replied
    just make sure you make backups files and databases and if you do get hacked shut the site down restore the backup and change passwords

    Leave a comment:


  • jimnyc
    replied
    Originally posted by Faranth
    id suggest putting a .htaccess file in there if your overly worried

    also one in admincp
    It's not that I'm overly worried, I just thought it was good security. Since it's a shared host, they say any files that aren't 600 can be read by others on the same server. I'll look into the .htaccess option. I've done that before, but never with a config file, only with generic pages.

    Leave a comment:


  • Zachery
    replied
    id suggest putting a .htaccess file in there if your overly worried

    also one in admincp

    Leave a comment:


  • jimnyc
    started a topic Protecting config.php

    Protecting config.php

    The host I am using has been having a lot of message boards hacked lately. They posted a message on their own forums letting users know that they should have proper permissions on files that contain passwords, specifically config.php

    They said I should have permissions set to 600 for this file. I tried briefly changing this file to 600, but then my entire board wouldn't load and started coming back with errors instead. I changed the file back to 755 and the problem went away.

    Am I in danger of having my username/password hacked for SQL by having this file at 755? Should I be able to change it to 600?

    Thanks!
widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Working...
X