Current time: 04-20-2014, 08:15 AM Hello There, Guest! (LoginRegister)


Post Reply 
 
Thread Rating:
  • 54 Votes - 4.11 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Administrating MyBB - good practices
10-02-2010, 06:08 AM
Post: #161
RE: Administrating MyBB - good practices
should we change this also
PHP Code:
$config['hide_admin_links'] = 0

to 1 means hide it??

Shifting from phpbb3 after using for 2.7 years.. started loving MyBB Big Grin
Vote for MyBB, would love to see winning!
AUTO Backup ur Database
Find all posts by this user
Quote this message in a reply
10-11-2010, 09:09 AM
Post: #162
RE: Administrating MyBB - good practices
This user has been denied support. This user has been denied support.
Another good practice, make a new account, give the primary group as member/registered user and give the secondary group as Administrator. So people will not come to know that it is admin account and will not try to hack it do anything stupid. So if you fell in trouble in future with your main admin account you can make use of this spare admin account. You can fix the problem using this account.

I had seen many people loosing admin account because of being locked up with false login attempts, error loops in MyBB functionality. So this will be a temporary solution to take care of your forum.

MyPlugins:1-2-3-4-5
MyTutorials:AddBots
Find all posts by this user
Quote this message in a reply
10-11-2010, 10:39 AM
Post: #163
RE: Administrating MyBB - good practices
one more suggestion by me, tell whether it is right or wrong:
reference: http://mattrogowski.co.uk/2009/06/24/myb...en-hacked/

I came across that
MattRogowski mentioned that this file be included in the inc folder as htaccess, i did that

<files config.php>
Order deny,allow
deny from all
</files>

second
MattRogowski told to rename admin directory, i renamed and removed the direct link access.


now what i am thinking is , making a FAKE admin directory with the name of admin itself and in it put a htaccess file same as for config.

what this will do, it will make hacker feel that admin directory is there and it is protected, so he will waste time on in it and will not think of on the line that renamed directory exist.

Please tell whether my idea is good or bad. Toungue

Shifting from phpbb3 after using for 2.7 years.. started loving MyBB Big Grin
Vote for MyBB, would love to see winning!
AUTO Backup ur Database
Find all posts by this user
Quote this message in a reply
10-11-2010, 07:51 PM
Post: #164
RE: Administrating MyBB - good practices
This user has been denied support. This user has been denied support.
^^ yes, you are right. and also dont forget to use the password protect directory feature provided by your hosting service (probably paid) and be safe Wink

MyPlugins:1-2-3-4-5
MyTutorials:AddBots
Find all posts by this user
Quote this message in a reply
10-12-2010, 02:51 AM (This post was last modified: 10-12-2010 01:48 PM by drankur.)
Post: #165
RE: Administrating MyBB - good practices
i just wonder... at many times the forums are hacked by an automated script , so for that should we keep a fake admin directory or better not to have such director on board??
i just found a good article on google, thought might be useful:
http://www.cmswire.com/cms/web-cms/how-t...002339.php

also want to know what does this mean
Quote:http://inj3ct0r.com/exploits/13706

Shifting from phpbb3 after using for 2.7 years.. started loving MyBB Big Grin
Vote for MyBB, would love to see winning!
AUTO Backup ur Database
Find all posts by this user
Quote this message in a reply
01-25-2011, 12:01 AM
Post: #166
RE: Administrating MyBB - good practices
One thing i dont get about just changing directory to adminCP is if someone visits that page they still have to get your password. and if they go on the forum, and get your password they will already have it AND a link to the renamed directory
Find all posts by this user
Quote this message in a reply
01-25-2011, 04:29 AM
Post: #167
RE: Administrating MyBB - good practices
(01-25-2011 12:01 AM)Booher Wrote:  One thing i dont get about just changing directory to adminCP is if someone visits that page they still have to get your password. and if they go on the forum, and get your password they will already have it AND a link to the renamed directory

see this http://community.mybb.com/thread-9991-po...#pid580900

Shifting from phpbb3 after using for 2.7 years.. started loving MyBB Big Grin
Vote for MyBB, would love to see winning!
AUTO Backup ur Database
Find all posts by this user
Quote this message in a reply
07-28-2011, 01:53 PM
Post: #168
RE: Administrating MyBB - good practices
(06-29-2006 07:51 PM)Galen Wrote:  
destroyer Wrote:
Galen Wrote:I've said it before and I'll say it again.��Take a screen cap of your board's copyright.��Open the screen cap and crop it down so that it's just a pic of the copyright.��Now, replace the default text copyright with that image.��This prevents script kiddies from finding your site by googling "Powered by MyBB" but it still leaves the copyright in tact for all to see.

I should note that I have not gotten an official answer on whether or not it's "Ok" to do this.��I would think so, though, and unless Chris or someone else with MyBB Group specifically says "don't do that" then I'm going to keep doing it and I recommend that the rest of you do it as well. Smile

Can you help me doing this?

Certainly.��Here is an image of your forum's copyright:


Upload this image to http://www.chat2b.be/forum/images/

Now, go into AdminCP > Templates > Modify/Delete > *Your Template* > Expand > footer

Find the copyright there.��It will look something like:

Code:
$lang->powered_by <a href="http://www.mybboard.com" target="_blank">MyBB</a> $mybbversion<br />
                $lang->copyright &copy; $copyyear <strong><a href="http://www.mybboard.com" target="_blank">MyBB Group</a></strong><br />
(that's the MyBB default copyright.��I see you've modified yours, so you shouldn't have any trouble finding it since you obviously have once before Smile )

Delete and replace that copyright code with the following:

Code:
<img src="http://chat2b.be/forum/images/copyright.gif"��border="0" usemap="#copyright" title="Copyright" alt="Coypright">

<map name="copyright">
<area href="http://www.mybboard.com/" shape="rect" coords="156,22,267,39">
<area href="http://www.chat2b.be/" shape="rect" coords="185,39,279,55">
</map>

That gives you an image duplicate of your copyright as well as the image map to keep the links in tact.��Enjoy Smile




Great idea and tip. Thanks a lot.
Find all posts by this user
Quote this message in a reply
01-01-2012, 08:03 PM
Post: #169
RE: Administrating MyBB - good practices
(10-02-2010 06:08 AM)drankur Wrote:  should we change this also
PHP Code:
$config['hide_admin_links'] = 0

to 1 means hide it??

So if we change the "0" to a "1" it removes the admincp link in our user information area.

BUT...

If we do this, and decide to change it back to "0" to add the admin cp link back...

Will the admincp link be back there without us having to edit any templates, correct?

Thanks
Find all posts by this user
Quote this message in a reply
01-01-2012, 09:10 PM
Post: #170
RE: Administrating MyBB - good practices
(01-01-2012 08:03 PM)FooFighter Wrote:  
(10-02-2010 06:08 AM)drankur Wrote:  should we change this also
PHP Code:
$config['hide_admin_links'] = 0

to 1 means hide it??

So if we change the "0" to a "1" it removes the admincp link in our user information area.

BUT...

If we do this, and decide to change it back to "0" to add the admin cp link back...

Will the admincp link be back there without us having to edit any templates, correct?

Thanks

Yes. if hide_admin_links is 1, MyBB doesn't define the admincp link variable.

-Paul H.
Please feel free to PM regarding issues within the community, the blog, social media pages, or the public image of MyBB.

Cogisne lingua latina?
Find all posts by this user
Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 1 Guest(s)

Contact Us | MyBB | Return to Top | Return to Content | Lite (Archive) Mode | RSS Syndication