Secure your vBulletin (basic)

[WarezTown]

How to secure your vBulletin Forum (basic)

- This guide will run you through the basic things that you need to when securing you vBulletin forum

- I will add screenies too once my site comes back online

The first thing which you need to do is make sure that your AdminCP is secure. As you will know, the default for this is /forum/admincp. However you will want to firstly change this to random lettering, which only you will remember, so that nobody can access it. You can do this by simply finding the AdminCP file and changing its name. You will also want to do this forum your ModCP.

The next thing is adding htt access protection, which means there is a box which comes up saying ?authentication and password?

You will need to go into your Cpanel software and go under security, you will find ?Password protect your files?. Do this for both
your admincp and modcp. Don?t forget to make yourself and account so that you can access it obviously though.

You could also make it so only your IP can access it

This is your choice though, I would not recommend it because although it offers a lot of protection and block people who you do not want, but will most likely block you too.

This is for cpanel protection and indeed any htt access protected files. You should also put protection upon your Includes file, and you Upload file, so that nobody can access them.
Next you should remove the vBulletin version number (notice it?s not on KWWHunction), as this makes it harder for people to try and exploit your forum, although it should be protected on vBulletin 3.8. and vBulletin 3.4.0.
Next you should set yourself to an undeletable user, meaning that they cannot touch your Admin you can do this in the config file.

Next you should make sure, that users cannot use HTML in posts, signatures or anywhere on the forum really, because this is just asking to get hacked

Make sure your PhpMyAdmin is password protected (should be anyway)

Make sure you don?t have tools.php

Install the plugin vBfirewall as this protects from hackers with SQL Injection etc. (vbteam.info)

Don?t install fucked up hacks that are not necessary, you could get hacked this way

Obviously make sure there is no viruses or key loggers on your computer

Don?t let your staff use hotmail, its just retarded and you will get pwnt

You should next delete the link that connects your admincp to the forum on the index page. This just means if you get owned
they wont be able to get to the admincp, you can find this in config.php (optional not of great importance)

Don?t use the same password as other forums

Use a secure email provider preferably your own or hushmail

Don?t upload to the directory called do_not_upload obv lol

Remove any impEx files if you used this

You are best removing the prune option from the ModCP, why would they ever need to prune an entire forum, they have the power to delete all the posts

Keep a daily backup just in case

If you share a server, then make sure all your .php, .htm and .asp are chmod644 and nothing else, otherwise you will get hacked.
This is important on nulled VB which you should only get from trusted sources btw.
Make sure your staff are trusted

This was a basic tutorial, I?m sure there is loads of other things as well, but this should hopefully give you some protection from hackers. Won?t do much against DDO?S of course. This tutorial was made by me and the security I use.

WarezTown Reviewed by WarezTown on 21st Jan 2010. Secure your vBulletin (basic) How to secure your vBulletin Forum (basic) - This guide will run you through the basic things that you need to when securing you vBulletin forum - I will add screenies too once my site comes back online The first thing which you need to do is make sure that your AdminCP is secure. As you will know, the default for this is /forum/admincp. However you will want to firstly change this to random lettering, which only you will remember, so that nobody can access it. You can do this by Rating: 5

[HostMyWarez]

Nice Tutorial

[reeps]

nice will try it

[Sandino]

Don?t use the same password as other forums

Exactly! Don't even use the same password for anything else!!! Especially your personal emails, paypal, bank, etc.

Also don't use easy passwords! if you are going to make your password pancake. atleast do pancake123, or Pancak3 something different.


For Extra Security, NEVER give full admin rights to ANYONE. Not even people you trust, you can give them some, but not all!

If you want to become EXTRA secure. Make an Admin account with a really hard to guess name, such as ADFALADLLALWL
Then give it FULL root access to everything. generate a password, or if you are comfortable enough with your own pass, use it

Then make another account that will be YOUR account. Make sure you do not have as much power as it does. Just incase you DO get hacked, they cannot do much damage

Only log into the other account when you need to! Do not login all the time, because honestly you don't need to be in AdminCP all the time!



That's all i have for now. Hope it helps

[Chri5]

I've been pwnd by hotmail, TWICE!
Install the plugin vBfirewall as this protects from hackers with SQL Injection etc. (vbteam.info)
It causes bugs, but I like your tutorial.

[WarezTown]

yeah chri5 that was me, sozzard.

[litewarez]

Also if you bitches go for nulled, your more than likely going to go for DGT release

MAKE SURE YOU REMOVE VALIDATOR.PHP

EOF

[Maniac_]

And keygen.php ...
Lol.. you cant imagine in how many forums ive seen this...

[Phozon]

yeah as lite said

[Royal King]

Nice tut