MyBB Community Forums

MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 Security Management and Support > Password Protect All Directories?
Full Version: Password Protect All Directories?
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2

FooFighter

2012-09-29, 11:27 PM
Using cpanel password directories, are there any disadvantages of protecting all our directories except for our main forums off course...so member can come and go.

???

Thanks

Adobe

2012-09-30, 04:25 AM
I'm not sure but I think the images and upload folders will be a major problem. I would recommend password protecting the plugins and admin directory and make sure settings.php and config.php are CHMOD to 644.

Nathan Malcolm

2012-09-30, 06:05 AM
(2012-09-30, 04:25 AM)kamz89 Wrote: [ -> ]I'm not sure but I think the images and upload folders will be a major problem. I would recommend password protecting the plugins and admin directory and make sure settings.php and config.php are CHMOD to 644.

There's no need to password protect directories that shouldn't be accessed by anyone, simply deny access to everyone in those directories. In this case you might as well deny access the whole ./inc/ directory as by default there aren't any client side resources uploaded there and it also protected config.php and settings.php.

http://www.mybbsecurity.net/topic-protec...-directory

AlienHoboken

2012-09-30, 06:47 AM
Or a simple chmod 600 would do that too. Without the added layer of Apache controls via .htaccess.

Adobe

2012-10-02, 01:16 AM
(2012-09-30, 06:05 AM)Nathan Malcolm Wrote: [ -> ]
(2012-09-30, 04:25 AM)kamz89 Wrote: [ -> ]I'm not sure but I think the images and upload folders will be a major problem. I would recommend password protecting the plugins and admin directory and make sure settings.php and config.php are CHMOD to 644.

There's no need to password protect directories that shouldn't be accessed by anyone, simply deny access to everyone in those directories. In this case you might as well deny access the whole ./inc/ directory as by default there aren't any client side resources uploaded there and it also protected config.php and settings.php.

http://www.mybbsecurity.net/topic-protec...-directory

True but I'm always connected on a VPN so my IP changes everytime I connect to a VPN. I have to hide under a VPN due to privacy reasons and now due to this I can't deny all IPs because if I do then I would lock myself out of the ACP.

phuongnamit

2012-10-31, 12:19 PM
If using password. So who can access your site?

MYBB GHOST

2012-11-03, 01:58 AM
How do you password protect plugins?

pavemen

2012-11-03, 03:08 AM
(2012-10-02, 01:16 AM)kamz89 Wrote: [ -> ]
(2012-09-30, 06:05 AM)Nathan Malcolm Wrote: [ -> ]
(2012-09-30, 04:25 AM)kamz89 Wrote: [ -> ]I'm not sure but I think the images and upload folders will be a major problem. I would recommend password protecting the plugins and admin directory and make sure settings.php and config.php are CHMOD to 644.

There's no need to password protect directories that shouldn't be accessed by anyone, simply deny access to everyone in those directories. In this case you might as well deny access the whole ./inc/ directory as by default there aren't any client side resources uploaded there and it also protected config.php and settings.php.

http://www.mybbsecurity.net/topic-protec...-directory

True but I'm always connected on a VPN so my IP changes everytime I connect to a VPN. I have to hide under a VPN due to privacy reasons and now due to this I can't deny all IPs because if I do then I would lock myself out of the ACP.

you are missing the point, just use deny from all and be done with it. no one, not even you on your own site, needs direct HTTP access to anything other the forum root, admin and uploads folders. using deny from all in htaccess does not impact php calling the files, nor (S)FTP access to the folder.

Adobe

2012-11-05, 02:35 AM
(2012-11-03, 03:08 AM)pavemen Wrote: [ -> ]
(2012-10-02, 01:16 AM)kamz89 Wrote: [ -> ]
(2012-09-30, 06:05 AM)Nathan Malcolm Wrote: [ -> ]
(2012-09-30, 04:25 AM)kamz89 Wrote: [ -> ]I'm not sure but I think the images and upload folders will be a major problem. I would recommend password protecting the plugins and admin directory and make sure settings.php and config.php are CHMOD to 644.

There's no need to password protect directories that shouldn't be accessed by anyone, simply deny access to everyone in those directories. In this case you might as well deny access the whole ./inc/ directory as by default there aren't any client side resources uploaded there and it also protected config.php and settings.php.

http://www.mybbsecurity.net/topic-protec...-directory

True but I'm always connected on a VPN so my IP changes everytime I connect to a VPN. I have to hide under a VPN due to privacy reasons and now due to this I can't deny all IPs because if I do then I would lock myself out of the ACP.

you are missing the point, just use deny from all and be done with it. no one, not even you on your own site, needs direct HTTP access to anything other the forum root, admin and uploads folders. using deny from all in htaccess does not impact php calling the files, nor (S)FTP access to the folder.

Oh shoot you have a point. I had to read your post three times to understand what you meant lol.

Just to stay on the safe side, I can deny access to all the folders except the forum root, uploads and admin and the forums denied direct access would not impact the way my site currently functions right?

Josh H.

2012-11-05, 02:47 AM
(2012-11-05, 02:35 AM)kamz89 Wrote: [ -> ]
(2012-11-03, 03:08 AM)pavemen Wrote: [ -> ]
(2012-10-02, 01:16 AM)kamz89 Wrote: [ -> ]
(2012-09-30, 06:05 AM)Nathan Malcolm Wrote: [ -> ]
(2012-09-30, 04:25 AM)kamz89 Wrote: [ -> ]I'm not sure but I think the images and upload folders will be a major problem. I would recommend password protecting the plugins and admin directory and make sure settings.php and config.php are CHMOD to 644.

There's no need to password protect directories that shouldn't be accessed by anyone, simply deny access to everyone in those directories. In this case you might as well deny access the whole ./inc/ directory as by default there aren't any client side resources uploaded there and it also protected config.php and settings.php.

http://www.mybbsecurity.net/topic-protec...-directory

True but I'm always connected on a VPN so my IP changes everytime I connect to a VPN. I have to hide under a VPN due to privacy reasons and now due to this I can't deny all IPs because if I do then I would lock myself out of the ACP.

you are missing the point, just use deny from all and be done with it. no one, not even you on your own site, needs direct HTTP access to anything other the forum root, admin and uploads folders. using deny from all in htaccess does not impact php calling the files, nor (S)FTP access to the folder.

Oh shoot you have a point. I had to read your post three times to understand what you meant lol.

Just to stay on the safe side, I can deny access to all the folders except the forum root, uploads and admin and the forums denied direct access would not impact the way my site currently functions right?

I think you could leave uploads, because it can be useful at times.
Pages: 1 2
MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 Security Management and Support > Password Protect All Directories?