2015-04-29, 07:34 PM
Summarizing (and maybe update OP post?)
----
(2011-01-09, 11:38 AM)chef Wrote: [ -> ]
    (2009-02-10, 02:34 AM)Zash Wrote: [ -> ]
        If you have multiple administrators, use the following code instead:
        Quote:
            ErrorDocument 403 http://www.mybbwebhost.com
            Order deny,allow
            Deny from all
            Allow from 123.45.67.899
            Allow from 998.76.54.321
    Having added a list of IP addresses to access adminCP, when trying to access adminCP, from one of the IP addresses, it still bounces to the redirected page.
    putting a comma after the deny from all seems to work
    so it should look like;
    Quote:
        ErrorDocument 403 http://www.mybbwebhost.com
        Order deny,allow
        Deny from all,
        Allow from 123.45.67.899
        Allow from 998.76.54.321
    Are commas needed for each link of 'allowed' IP addresses?
Adding that 1 single comma fixed it for me too... Important detail I'd say
----
(2012-01-23, 05:51 AM)ke6gwf Wrote: [ -> ]
    Although I enjoyed and benefited from your overall Tutorial, I have to disagree with the uber-strong password advice, <snip>. So while it may work for you, most would lose security if they tried it.
    If you look around, you will find several good articles that have recently been written on Best Practices for password security, and they pretty much all agree that it has to be able to be remembered by the user, or it isn't secure.
    <snip>
    The current recommended Best Practice seems to be a long random string of words that is easy to remember, but has nothing to do with your life. Adding some unrelated numbers and symbols increases it exponentially.
    <snip>
    I have implemented some of your other suggestions and tips, so I thank you for them!
I totally agree - learn you all!
(2012-04-21, 10:21 PM)FB92 Wrote: [ -> ]
    The one thing I generally do is enable this:
    Quote:
        /**
         * Hide all Admin CP links
         * If you wish to hide all Admin CP links
         * on the front end of the board after
         * renaming your Admin CP directory, set this
         * to 1.
         */
    on the inc/config.php file
    as well as the long admin link. that way if they try to gain access to my account they still need to know the link before being able to do anything to the admin side of things.
I'm not fully clear on this subject... Which links? Where and how to disable? I'll google a bit myself, IF I find it, I'll reply that info too...
Thanks!
Devvie
twitter.com/devnullius
---
post-edit: when testing, nobody seems to get blocked! http://community.mybb.com/thread-170179-...pid1155720
Ok, from older MyBB versions I found the reasoning... IF your forum account gets compromised, people can easily see, after logging in, where to go for the Admin CP. It's very convenient, those links as long as you control your own account. But when compromised, it would be great if people would remain clueless as of where the admin control panel can be found...
Apparently, there are ways to remove all references to admin-related functions and links. Or at least, one should try to remove all the links... For example, Show IP for admins also gives away the /admin/-folder you use...
So it's hard work and I don't know how and what should be done on MyBB 1.8 - can I take over all the 1.6 manuals out there?
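As an added example (not from any poster in this thread, and not MyBB or Apache code), a small check for the `Order`/`Deny`/`Allow` rules quoted above: it flags every `from` argument that is not `all`, an `env=` test, an IP address or range, or a host name, which is what a trailing comma or an out-of-range octet produces. The function names and both sample inputs are constructed for illustration.

```python
import ipaddress
import re

HOSTNAME = re.compile(r"\.?(?:[A-Za-z0-9-]{1,63}\.)*[A-Za-z0-9-]{1,63}")
ORDERS = {"deny,allow", "allow,deny", "mutual-failure"}

def classify(token):
    """Classify one Allow/Deny 'from' argument: keyword, ip, host or invalid."""
    low = token.lower()
    if low == "all" or low.startswith("env="):
        return "keyword"
    if re.fullmatch(r"[0-9.]+", token):  # full or partial dotted IPv4
        parts = token.rstrip(".").split(".")
        ok = len(parts) <= 4 and all(p and int(p) <= 255 for p in parts)
        return "ip" if ok else "invalid"
    try:
        ipaddress.ip_network(token, strict=False)  # CIDR, netmask or IPv6 form
        return "ip"
    except ValueError:
        return "host" if HOSTNAME.fullmatch(token) else "invalid"

def lint_htaccess(text):
    """Return (line number, directive, bad argument) for each malformed rule."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        directive, rest = words[0].lower(), words[1:]
        if directive in ("allow", "deny") and rest[:1] and rest[0].lower() == "from":
            findings += [(lineno, directive, t) for t in rest[1:] if classify(t) == "invalid"]
        elif directive == "order" and " ".join(rest).lower() not in ORDERS:
            findings.append((lineno, directive, " ".join(rest)))
    return findings

# Constructed input: the rules as quoted in the thread (placeholder addresses).
AS_POSTED = """ErrorDocument 403 http://www.mybbwebhost.com
Order deny,allow
Deny from all,
Allow from 123.45.67.899
Allow from 998.76.54.321
"""
# Constructed input: same layout without the comma, documentation-range addresses.
WELL_FORMED = "Order deny,allow\nDeny from all\nAllow from 192.0.2.10 198.51.100.0/24\n"

if __name__ == "__main__":
    for finding in lint_htaccess(AS_POSTED) + lint_htaccess(WELL_FORMED):
        print("line %d: '%s from' argument %r is not well formed" % finding)
```

Whatever the check reports, the rule set still needs testing from an address that is not on the allow-list, to confirm that the Admin CP directory really returns the 403 redirect.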