Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Remove version numbers from admin directory.
#1
Hi,

I just was thinking..

What about an option to delete version numbers after the copyright mark in the admin directory ?? I heard a user talking about looking to the version number there to know which exploit he could use to hack the forums.

For example, if I was running 1.1.2 an exploit published on the internet and found by one of them could be used on my site. But if they don't know what version number we have, they probably don't try it.

(There already is an option to remove version numbers from the footer, so it would be nice to have it also for the admin directorySmile).
[Image: destroyerjf8.jpg]

Give us your feedback about MyBB in this thread and become listed on the MyBB website.
#2
The safest option is never to have the admin directory in the default of /admin, change it to something else and update AdminDir in the config file
that's not a bug, thats an unexpected feature

demp.se/y - Messenger Plus! SoundPack DB - Weird Fish
#3
The version number on the login page of the ACP has already been removed. However you will still see the version after you login
Dennis Tsang
Former MyBB Team Member
Web: http://dennistt.net
#4
ok Smile
[Image: destroyerjf8.jpg]

Give us your feedback about MyBB in this thread and become listed on the MyBB website.
#5
Wink 
destroyer Wrote:Hi,

I just was thinking..

What about an option to delete version numbers after the copyright mark in the admin directory ?? I heard a user talking about looking to the version number there to know which exploit he could use to hack the forums.

For example, if I was running 1.1.2 an exploit published on the internet and found by one of them could be used on my site. But if they don't know what version number we have, they probably don't try it.

(There already is an option to remove version numbers from the footer, so it would be nice to have it also for the admin directorySmile).
Just remember that removing the version number creates security through obscurity, which isn't that secure at all.


Forum Jump:


Users browsing this thread: 1 Guest(s)