MyBB

drankur · 10-02-2010, 06:08 AM

should we change this also

PHP Code:

$config['hide_admin_links'] = 0; 

to 1 means hide it??

TheGodFather · 10-11-2010, 09:09 AM

Another good practice, make a new account, give the primary group as member/registered user and give the secondary group as Administrator. So people will not come to know that it is admin account and will not try to hack it do anything stupid. So if you fell in trouble in future with your main admin account you can make use of this spare admin account. You can fix the problem using this account.

I had seen many people loosing admin account because of being locked up with false login attempts, error loops in MyBB functionality. So this will be a temporary solution to take care of your forum.

drankur · 10-11-2010, 10:39 AM

one more suggestion by me, tell whether it is right or wrong:
reference: http://mattrogowski.co.uk/2009/06/24/myb...en-hacked/

I came across that
MattRogowski mentioned that this file be included in the inc folder as htaccess, i did that

<files config.php>
Order deny,allow
deny from all
</files>

second
MattRogowski told to rename admin directory, i renamed and removed the direct link access.

now what i am thinking is , making a FAKE admin directory with the name of admin itself and in it put a htaccess file same as for config.

what this will do, it will make hacker feel that admin directory is there and it is protected, so he will waste time on in it and will not think of on the line that renamed directory exist.

Please tell whether my idea is good or bad. Toungue

TheGodFather · 10-11-2010, 07:51 PM

^^ yes, you are right. and also dont forget to use the password protect directory feature provided by your hosting service (probably paid) and be safe Wink

drankur · (This post was last modified: 10-12-2010 01:48 PM by drankur.)

i just wonder... at many times the forums are hacked by an automated script , so for that should we keep a fake admin directory or better not to have such director on board??

i just found a good article on google, thought might be useful:
http://www.cmswire.com/cms/web-cms/how-t...002339.php

also want to know what does this mean

Quote:http://inj3ct0r.com/exploits/13706

~~Booher~~ · 01-25-2011, 12:01 AM

One thing i dont get about just changing directory to adminCP is if someone visits that page they still have to get your password. and if they go on the forum, and get your password they will already have it AND a link to the renamed directory

drankur · 01-25-2011, 04:29 AM

(01-25-2011 12:01 AM)Booher Wrote: One thing i dont get about just changing directory to adminCP is if someone visits that page they still have to get your password. and if they go on the forum, and get your password they will already have it AND a link to the renamed directory

see this http://community.mybb.com/thread-9991-po...#pid580900

mikew · 07-28-2011, 01:53 PM

(06-29-2006 07:51 PM)Galen Wrote:
destroyer Wrote:
Galen Wrote:I've said it before and I'll say it again.��Take a screen cap of your board's copyright.��Open the screen cap and crop it down so that it's just a pic of the copyright.��Now, replace the default text copyright with that image.��This prevents script kiddies from finding your site by googling "Powered by MyBB" but it still leaves the copyright in tact for all to see.

I should note that I have not gotten an official answer on whether or not it's "Ok" to do this.��I would think so, though, and unless Chris or someone else with MyBB Group specifically says "don't do that" then I'm going to keep doing it and I recommend that the rest of you do it as well.

Can you help me doing this?

Certainly.��Here is an image of your forum's copyright:

Upload this image to http://www.chat2b.be/forum/images/

Now, go into AdminCP > Templates > Modify/Delete > *Your Template* > Expand > footer

Find the copyright there.��It will look something like:

Code:

$lang->powered_by <a href="http://www.mybboard.com" target="_blank">MyBB</a> $mybbversion<br /> $lang->copyright © $copyyear <strong><a href="http://www.mybboard.com" target="_blank">MyBB Group</a></strong><br />
(that's the MyBB default copyright.��I see you've modified yours, so you shouldn't have any trouble finding it since you obviously have once before )

Delete and replace that copyright code with the following:

Code:

<img src="http://chat2b.be/forum/images/copyright.gif"��border="0" usemap="#copyright" title="Copyright" alt="Coypright"> <map name="copyright"> <area href="http://www.mybboard.com/" shape="rect" coords="156,22,267,39"> <area href="http://www.chat2b.be/" shape="rect" coords="185,39,279,55"> </map>

That gives you an image duplicate of your copyright as well as the image map to keep the links in tact.��Enjoy

Great idea and tip. Thanks a lot.

FooFighter · 01-01-2012, 08:03 PM

(10-02-2010 06:08 AM)drankur Wrote: should we change this also
PHP Code:

$config['hide_admin_links'] = 0;

to 1 means hide it??

So if we change the "0" to a "1" it removes the admincp link in our user information area.

BUT...

If we do this, and decide to change it back to "0" to add the admin cp link back...

Will the admincp link be back there without us having to edit any templates, correct?

Thanks

**Paul H.** · 01-01-2012, 09:10 PM

(01-01-2012 08:03 PM)FooFighter Wrote:
(10-02-2010 06:08 AM)drankur Wrote: should we change this also
PHP Code:

$config['hide_admin_links'] = 0;

to 1 means hide it??

So if we change the "0" to a "1" it removes the admincp link in our user information area.

BUT...

If we do this, and decide to change it back to "0" to add the admin cp link back...

Will the admincp link be back there without us having to edit any templates, correct?

Thanks

Yes. if hide_admin_links is 1, MyBB doesn't define the admincp link variable.