A Few Methods to Protect Your Forums




Posted by final kaoss

.HTAccess Protect Your Admin Directory
Renaming the admin directory is just step 1 of 3 different processes you can use to protect your directory. The following code snippet checks the visitor's IP address. If their IP address does not match the one that you specify, they will be redirected to your index.

To do this, create a .htaccess file in your admin directory. Add the following code:


    RewriteEngine On
    RewriteBase /
    # Redirect every client whose address is not exactly 68.193.195.1
    RewriteCond %{REMOTE_ADDR} !^68\.193\.195\.1$
    RewriteRule .* http://vgchat.info [R=301,L]


Change 68\.193\.195\.1 to your IP address (using the format specified: each dot escaped, and the trailing $ kept so that longer addresses starting with the same digits do not match), and http://vgchat.info to the domain you wish to redirect other people to.
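The IP in a RewriteCond is a regular expression matched as an unanchored search, so a pattern without a trailing `$` also admits every address that merely starts with the same digits. The following is an added example, not part of the original post: it audits negated REMOTE_ADDR/REMOTE_HOST conditions in a constructed .htaccess sample (documentation address 203.0.113.1, an assumption) and lists the unintended addresses in the same /24 that would pass.

```python
import ipaddress
import re

# Constructed sample .htaccess text: one loose condition, one strict condition.
SAMPLE = r"""
RewriteEngine On
RewriteCond %{REMOTE_ADDR} !^203\.0\.113\.1
RewriteCond %{REMOTE_ADDR} !^203\.0\.113\.1$
"""

# Negated IP conditions of the form used in this post.
COND = re.compile(r"^\s*RewriteCond\s+%\{REMOTE_(?:ADDR|HOST)\}\s+!(\S+)",
                  re.I | re.M)


def intended_ip(pattern):
    """Recover the literal address the pattern was written for."""
    literal = pattern.lstrip("^").rstrip("$").replace("\\.", ".")
    return ipaddress.ip_address(literal)


def extra_matches(pattern):
    """Addresses in the same /24 that pass the check besides the intended one."""
    want = intended_ip(pattern)
    net = ipaddress.ip_network(f"{want}/24", strict=False)
    rx = re.compile(pattern)
    # mod_rewrite does an unanchored match, which re.search reproduces.
    return [str(a) for a in net if a != want and rx.search(str(a))]


def audit(htaccess_text):
    """Return {pattern: [unintended addresses]} for every IP RewriteCond."""
    return {p: extra_matches(p) for p in COND.findall(htaccess_text)}


if __name__ == "__main__":
    for pattern, extras in audit(SAMPLE).items():
        verdict = "OK" if not extras else (
            f"also admits {len(extras)} addresses, e.g. {extras[:3]}")
        print(f"{pattern:28} {verdict}")
```

The scan is limited to the surrounding /24, so it shows the anchoring problem only; it does not check for unescaped dots.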

If you have multiple administrators, use the following code instead:


    # Anyone not on the allow list gets a 403, which sends them to this URL
    ErrorDocument 403 http://vgchat.info
    Order deny,allow
    Deny from all
    Allow from 102.54.68.123
    Allow from 198.32.45.105


Change each "Allow from" address to one of your administrators' IP addresses, and http://vgchat.info to the domain you wish to redirect other people to.

Password Protect Your Admin Directory
This is the simplest method of protecting your admin directory. This adds an additional requirement to getting access to the admin directory. Now, people will need an administrative account, correct user password, AND the directory password.

If you use DirectAdmin, go to 'Password Protected Directories'. Then, click on 'Find a Directory to Password Protect'. Go to your root folder, and click 'Protect' next to your admin directory.

Then, follow the instructions on the screen to set up a password.

If you use cPanel, go to 'Password Protect Directories' under Security. Then, click on the icons to open up directories until you find the admin directory. Then, click on it.

You will be given the option to set up individual user accounts, which might be a good idea to be able to manage who gets access and who doesn't.

NOTE: If an administrator on your board who had access gets fired, quits, or retires (like WackoLover), I suggest you change the password. For this reason I prefer the cPanel method of different users, because you can then simply delete their access privileges.

Deny External Access to the Config File
Sometimes, plain old permissions aren't enough. This is an .htaccess method that will give anybody who tries to access the config file a 403 error. Your forums will still be able to run normally, however. This will protect it from external access only.

Create an .htaccess file in the directory that contains your config file, and add the following code:


    # Protect the config.php file
    <Files config.php>
    Order deny,allow
    deny from all
    </Files>



Remember to Update
New versions are posted for a reason. While they do fix a lot of bugs, a bunch of times they patch up an important security exploit. Especially now that this exploit is announced to the public, why would you want to keep your forum vulnerable? VB has a nifty way of reminding you within your ACP when new updates are available.

When I say update, I also mean plugins. Plugins can serve as a little back door to a huge mansion called VB. If you keep this door unlocked, who knows what can get in?

That's all for now. In addition to the above, these habits are recommended for everyone:

* Change your password often. If a hacker somehow finds out your password, imagine how they'll feel after they learn you recently changed it!

* Remove the version numbers. If you do not update your software for whatever reasons, think of version numbers as billboard signs saying 'MY FORUM IS NOT UP TO DATE! HACK ME!!!' Not a message you want to send to hackers.

To disable version numbers, go to 'General Configuration' under 'Board Settings' in your Admin CP. Find 'Show Version Numbers' and set it to 'Off'.


* Make and download backups regularly. VB already has a feature in its task manager that already makes backups for you. All you need to do is download them to your computer. I personally download backups once every two weeks, or less if there is a burst of activity. It all depends on how big your forums are. Sometimes once a week isn't going to cut it.

I don't know why it hasn't been made yet, but somebody should make a plugin that emails you backups of your forums every X amount of days.