Secure your vBulletin (basic)

Status
Not open for further replies.

WarezTown

Active Member
How to secure your vBulletin Forum (basic)

- This guide will run you through the basic things that you need to do when securing your vBulletin forum

- I will add screenies too once my site comes back online

The first thing which you need to do is make sure that your AdminCP is secure. As you will know, the default for this is /forum/admincp. However, you will want to firstly change this to random lettering, which only you will remember, so that nobody can access it. You can do this by simply finding the AdminCP file and changing its name. You will also want to do this for your ModCP.

The next thing is adding .htaccess protection, which means there is a box which comes up saying “authentication and password”

You will need to go into your cPanel software and go under security, you will find “Password protect your files”. Do this for both your admincp and modcp. Don’t forget to make yourself an account so that you can access it obviously though.

You could also make it so only your IP can access it

This is your choice though; I would not recommend it because, although it offers a lot of protection and blocks people who you do not want, it will most likely block you too.

This is for cPanel protection and indeed any .htaccess protected files. You should also put protection upon your Includes file, and your Upload file, so that nobody can access them.
Next you should remove the vBulletin version number (notice it’s not on wjunction), as this makes it harder for people to try and exploit your forum, although it should be protected on vBulletin 3.8. and vBulletin 3.4.0.
Next you should set yourself to an undeletable user, meaning that they cannot touch your Admin; you can do this in the config file.

Next you should make sure, that users cannot use HTML in posts, signatures or anywhere on the forum really, because this is just asking to get hacked

Make sure your PhpMyAdmin is password protected (should be anyway)

Make sure you don’t have tools.php

Install the plugin vBfirewall as this protects from hackers with SQL Injection etc. (vbteam.info)

Don’t install fucked up hacks that are not necessary, you could get hacked this way

Obviously make sure there are no viruses or key loggers on your computer

Don’t let your staff use hotmail, it’s just retarded and you will get pwnt

You should next delete the link that connects your admincp to the forum on the index page. This just means if you get owned they won’t be able to get to the admincp, you can find this in config.php (optional, not of great importance)

Don’t use the same password as other forums

Use a secure email provider, preferably your own or hushmail

Don’t upload to the directory called do_not_upload obv lol

Remove any impEx files if you used this

You are best removing the prune option from the ModCP, why would they ever need to prune an entire forum, they have the power to delete all the posts

Keep a daily backup just in case

If you share a server, then make sure all your .php, .htm and .asp are chmod 644 and nothing else, otherwise you will get hacked.
This is important on nulled VB which you should only get from trusted sources btw.
Make sure your staff are trusted

This was a basic tutorial, I’m sure there are loads of other things as well, but this should hopefully give you some protection from hackers. Won’t do much against DDoS of course. This tutorial was made by me and the security I use.
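
Several items in the checklist above can be verified from a shell on the server. The following read-only audit script is an added example, not part of the original post; it assumes an Apache server using `.htaccess`, that the renamed control panel directories are passed in by the caller, and that the includes directory is named `includes`.

```shell
#!/bin/sh
# Added example: read-only audit of a forum tree against the post's checklist.
# Assumptions: Apache-style .htaccess files; the renamed control panel
# directories are passed in by the caller; "includes" is the includes directory.

# has_http_auth DIR: succeeds if DIR/.htaccess sets both AuthType and Require.
has_http_auth() {
    [ -f "$1/.htaccess" ] &&
        grep -Eqi '^[[:space:]]*AuthType[[:space:]]' "$1/.htaccess" &&
        grep -Eqi '^[[:space:]]*Require[[:space:]]' "$1/.htaccess"
}

# audit_forum ROOT ADMIN_DIR MOD_DIR
# Prints one "FAIL: ..." line per finding; exit status is 0 only if there are none.
audit_forum() (
    root=$1; admin=$2; mod=$3
    findings=$(
        # Control panels renamed away from the defaults.
        for d in admincp modcp; do
            if [ -d "$root/$d" ]; then echo "FAIL: default directory name in use: $d"; fi
        done
        # Control panels and includes must exist and sit behind HTTP authentication.
        for d in "$admin" "$mod" includes; do
            if [ ! -d "$root/$d" ]; then
                echo "FAIL: directory not found: $d"
            elif ! has_http_auth "$root/$d"; then
                echo "FAIL: no password protection on $d"
            fi
        done
        # Leftover maintenance and import files named in the post.
        find "$root" \( -name tools.php -o -name do_not_upload -o -iname 'impex*' \) |
            while IFS= read -r f; do rel=${f#"$root"/}; echo "FAIL: should be removed: $rel"; done
        # .php, .htm and .asp files whose mode is anything other than 644.
        find "$root" -type f \( -name '*.php' -o -name '*.htm' -o -name '*.asp' \) \
            ! -perm 644 |
            while IFS= read -r f; do rel=${f#"$root"/}; echo "FAIL: mode is not 644: $rel"; done
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        exit 1
    fi
)
```

Call it as `audit_forum /path/to/forum <admin-dir> <mod-dir>`; the non-zero exit status on any finding makes it usable from a scheduled job.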
 
12 comments
Don’t use the same password as other forums


Exactly! Don't even use the same password for anything else!!! Especially your personal emails, paypal, bank, etc.

Also don't use easy passwords! If you are going to make your password pancake, at least do pancake123, or Pancak3, something different.


For Extra Security, NEVER give full admin rights to ANYONE. Not even people you trust, you can give them some, but not all!

If you want to become EXTRA secure. Make an Admin account with a really hard to guess name, such as ADFALADLLALWL
Then give it FULL root access to everything. generate a password, or if you are comfortable enough with your own pass, use it :)

Then make another account that will be YOUR account. Make sure you do not have as much power as it does. Just in case you DO get hacked, they cannot do much damage :)

Only log into the other account when you need to! Do not login all the time, because honestly you don't need to be in AdminCP all the time!



That's all I have for now. Hope it helps =)
 
I've been pwnd by hotmail, TWICE!
Install the plugin vBfirewall as this protects from hackers with SQL Injection etc. (vbteam.info)
It causes bugs, but I like your tutorial.
 