Six Methods to Protect Your MyBB Forums
#91
Summarizing (and maybe update OP post?)

(01-09-2011, 11:38 AM)chef Wrote:
(02-10-2009, 02:34 AM)Zash Wrote: If you have multiple administrators, use the following code instead:

Quote:
ErrorDocument 403 http://www.mybbwebhost.com
Order deny,allow
Deny from all
Allow from 123.45.67.899
Allow from 998.76.54.321

Having added a list of IP addresses to access adminCP, when trying to access adminCP from one of the IP addresses, it still bounces to the redirected page.

Putting a comma after the deny from all seems to work.

So it should look like:

Quote:
ErrorDocument 403 http://www.mybbwebhost.com
Order deny,allow
Deny from all,
Allow from 123.45.67.899
Allow from 998.76.54.321

Are commas needed for each link of 'allowed' IP addresses?

Adding that 1 single comma fixed it for me too... Important detail I'd say :)

----
(01-23-2012, 05:51 AM)ke6gwf Wrote: Although I enjoyed and benefited from your overall Tutorial, I have to disagree with the uber-strong password advice, <snip>. So while it may work for you, most would lose security if they tried it.

If you look around, you will find several good articles that have recently been written on Best Practices for password security, and they pretty much all agree that it has to be able to be remembered by the user, or it isn't secure.
<snip>
The current recommended Best Practice seems to be a long random string of words that is easy to remember, but has nothing to do with your life. Adding some unrelated numbers and symbols increases it exponentially.

<snip>
I have implemented some of your other suggestions and tips, so I thank you for them! :)

I totally agree - learn you all! :)

(04-21-2012, 10:21 PM)FB92 Wrote: The one thing I generally do is enable this:

Quote:
/**
 * Hide all Admin CP links
 *  If you wish to hide all Admin CP links
 *  on the front end of the board after
 *  renaming your Admin CP directory, set this
 *  to 1.
 */

in the inc/config.php file

as well as the long admin link. That way, if they try to gain access to my account, they still need to know the link before being able to do anything to the admin side of things.

I'm not fully clear on this subject... Which links? Where and how to disable? I'll google a bit myself, IF I find it, I'll reply that info too...

Thanks!

Devvie
twitter.com/devnullius


--- 
post-edit: when testing, nobody seems to get blocked! http://community.mybb.com/thread-170179-...pid1155720

Ok, from older MyBB versions I found the reasoning... IF your forum account gets compromised, people can easily see, after logging in, where to go for the Admin CP. It's very convenient, those links, as long as you control your own account. But when compromised, it would be great if people would remain clueless as to where the admin control panel can be found...

Apparently, there are ways to remove all references to admin-related functions and links. Or at least, one should try to remove all the links... For example, Show IP for admins also gives away the /admin/-folder you use...

So it's hard work and I don't know how and what should be done on MyBB 1.8 - can I take over all the 1.6 manuals out there?
Reply
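
Added example, not part of any post in this thread: the Admin CP allowlist quoted in post #91 written out for both Apache 2.2 and Apache 2.4, with a local 403 page. The addresses (documentation ranges), the /403.html path, forum.example and the <admin-dir> placeholder are assumptions.

```apache
# .htaccess inside the (renamed) Admin CP directory. Added example.
# Addresses are constructed placeholders from the documentation ranges;
# every octet of a real IPv4 address must be in 0-255.

# Apache 2.2 form, as quoted in the thread. On Apache 2.4 these
# directives only work through mod_access_compat.
# "Order deny,allow" evaluates Deny first, then Allow; a client that
# matches neither list is allowed, so "Deny from all" is what closes the
# directory. The keyword is exactly "all"; arguments to Deny/Allow are
# separated by spaces, not commas.
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
    Allow from 203.0.113.10
    Allow from 198.51.100.20
</IfModule>

# Apache 2.4 form: everything not listed is refused.
<IfModule mod_authz_core.c>
    Require ip 203.0.113.10 198.51.100.20
</IfModule>

# A local path serves the error page and keeps the 403 status.
# A full http:// URL makes Apache answer with a redirect instead, so the
# client never sees the 403.
ErrorDocument 403 /403.html

# Check from an address that is NOT on the list; the expected output is 403:
#   curl -s -o /dev/null -w '%{http_code}\n' https://forum.example/<admin-dir>/
# Then repeat from a listed address and confirm the login page loads.
```

Running the check from both a listed and an unlisted address is what distinguishes a working allowlist from one that lets everyone in.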
#92
@bitcoin - What exactly do you mean by "can I take over all the 1.6 manuals out there?"
PGP Key (Fingerprint: 23B6 F4C0 FE2D 45AA 61A0 1E86 DB87 09DC DD87 6E40)
Reply
#93
(05-05-2015, 03:33 AM)Josh H. Wrote: @bitcoin - What exactly do you mean by "can I take over all the 1.6 manuals out there?"

To remove the Admin CP links... Can I follow the 1.6 manuals on my 1.8 board?
Reply
#94
I have changed the name of my admin directory, but when I visit my admin CP link I get a 404 Not Found error. How do I solve this?
Reply
#95
(05-05-2015, 08:16 PM)iturdu Wrote: I have changed the name of my admin directory, but when I visit my admin CP link I get a 404 Not Found error. How do I solve this?

You made a backup of the original /admin/ folder, right? I didn't, and well... It was a lot of work getting it all working again :)

In general, when you were smart enough to first rename /admin/ folder, you should just point your browser to http://url.to/forum/newfolder/

If you did all that, I wouldn't know and I'm just as surprised as you. I hope it helps a little...?

Devvie
Reply
#96
Do these methods work for the latest 1.8 MyBB version as well?
Reply
#97
(12-11-2016, 08:36 PM)numberek Wrote: Do these methods work for the latest 1.8 MyBB version as well?

Yes!
Hey man, what's up?
Reply
#98
Hello Zash
Thank you for posting this thread. I followed the steps for renaming the directory and unfortunately now I am having a major problem. I cannot use the ACP dashboard. I can log in, but when I click on something I am automatically logged out.
You can read the full thread here: https://community.mybb.com/thread-213560.html
I started that thread but did not get any response, so I thought you might be in a better position to help me out. My forum is www.iiustudents.com
Please guide me on how to solve this problem.
In hope of a quick and workable response.
Thank you in advance.
Reply