MyBB Community Forums

Hi,

I just was thinking..

What about an option to delete version numbers after the copyright mark in the admin directory ?? I heard a user talking about looking to the version number there to know which exploit he could use to hack the forums.

For example, if I was running 1.1.2 an exploit published on the internet and found by one of them could be used on my site. But if they don't know what version number we have, they probably don't try it.

(There already is an option to remove version numbers from the footer, so it would be nice to have it also for the admin directory).

The safest option is never to have the admin directory in the default of /admin, change it to something else and update AdminDir in the config file

The version number on the login page of the ACP has already been removed. However you will still see the version after you login

ok

destroyer Wrote:Hi,

I just was thinking..

What about an option to delete version numbers after the copyright mark in the admin directory ?? I heard a user talking about looking to the version number there to know which exploit he could use to hack the forums.

For example, if I was running 1.1.2 an exploit published on the internet and found by one of them could be used on my site. But if they don't know what version number we have, they probably don't try it.

(There already is an option to remove version numbers from the footer, so it would be nice to have it also for the admin directory).

Just remember that removing the version number creates security through obscurity, which isn't that secure at all.