SecureMe V1.0 - Secure Your Admin Panel
by invisiblea, 08 Aug 2008
Rating: (1 vote - 5.00 average)

Hello guys,

It just came to my mind to make something to secure the ACP of my vBulletin. I'd like to share it with you guys too!

Basically what it does is just allow the IPs you provide to access the ACP. You can add as many IPs as you need (for your staff).

Step 1) Create a file named .htaccess
Step 2) Add this in the file:


[Code block not displayed: suspended or unlicensed members cannot view code.]

Just replace the IP with YOUR HOME IP. Likewise, you can add more.

Comments

#2 II AnDo II, 08 Aug 2008, 20:50
sounds good thanks

#3 hauli, 08 Aug 2008, 22:27
Very good idea! Thanks

#4 dt_truck11, 08 Aug 2008, 22:29
This is a great idea, but what about the users who have AOL or something where their IP changes whenever they sign on?

#5 youradhere4222, 08 Aug 2008, 23:56
This is a good idea, but it's not for me or for those who often access their ACP from computers other than their own.

I had this implemented but I finally figured that the nuisance of not being able to access your ACP from anything but your own computer outweighs the extra protection this provides.

#6 syrus.xl, 09 Aug 2008, 00:09
I wouldn't use this... There are easier ways to protect the admincp directory. I've known people to block their own IPs doing it this way.

1. Rename it, and change the variable in the config.php file.
2. Add user and password protection.
3. Add redirect if admincp is accessed directly (requires FTP to change - not recommended for users that access their admincp often).

Just a few ideas...

#7 youradhere4222, 09 Aug 2008, 02:59
Originally Posted by syrus.xl:
"3. Add redirect if admincp is accessed directly (requires FTP to change - not recommended for users that access their admincp often)."
Do you have instructions on how to do this?

#8 Mephisteus, 09 Aug 2008, 13:10
Originally Posted by youradhere4222:
"Do you have instructions on how to do this?"
That's fake security, and it's something you shouldn't rely on. A browser can easily fake a referer and thus it just becomes more of a nuisance. It can be faked so easily that if a hacker can get through whatever is next, said hacker will have no problem getting past this particular hurdle.

It'd be better to do it the other way around, if accessed through the main page (through a link that you should remove) show the 404 not found error page. Go with the Auth as shown above but add all known ranges for your provider if you have a changing IP, you'll still block a whole lot more and if it doesn't match, show the 404 error.

The 404 leads someone just probing to believe there's nothing there and thus move on.

If you really don't want to use the IP you can force an htaccess pop up on all sub-directories that don't exist, and then manually add an identical screen for the acp directory. Of course you don't want any broken referers on your site then since users would get a popup.

But in all seriousness, the regular vBulletin login with a user specific login, an htaccess with a singular login (and another username and password) and changing the directory to something with uppercase/lowercase/numbers/special characters will increase security to such a point where if they get past it you really should be wondering if the server got compromised.

Most of this *should* make sense, but since I wrote it as I was thinking it, it might be a bit messy.

PS
Sorry to hijack the thread
Reply With Quote
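
An added illustration of the layered setup discussed in the thread above (an IP allow-list that includes provider ranges, combined with a separate .htaccess login). It is not the hidden code from the first post and not code from any poster. It assumes Apache 2.4 with `AllowOverride AuthConfig` for the directory; the addresses are documentation-range placeholders and the password file path is hypothetical.

```apache
# .htaccess placed inside the admin control panel directory.
# Apache 2.4 syntax (mod_authz_core). Apache 2.2, current when this thread
# was written, used "Order deny,allow" / "Deny from all" / "Allow from ..."
# together with "Satisfy all" for the same effect.

# Layer 1: a second login, separate from the vBulletin admin account.
AuthType Basic
AuthName "Restricted"
# Hypothetical path. Keep the password file outside the web root and
# create it with the htpasswd utility.
AuthUserFile "/home/example/private/.htpasswd-acp"

# Layer 2: the request must come from a listed address AND carry a
# valid login. Either check failing denies the request.
<RequireAll>
    <RequireAny>
        # Placeholder: a staff member with a fixed address.
        Require ip 203.0.113.10
        # Placeholder: a provider range for a staff member whose
        # address changes on each connection (CIDR notation).
        Require ip 198.51.100.0/24
    </RequireAny>
    Require valid-user
</RequireAll>

# Before closing the session used to upload this file, confirm from a
# second browser that you can still reach the panel. A wrong address
# here locks out the administrator as well as everyone else.
```

A provider range admits every customer of that provider, so the second login is what still separates staff from other users inside the range.
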
#9 Marco van Herwaarden, 09 Aug 2008, 14:07
Moved to Articles.
__________________
Marco van Herwaarden
Ex vBulletin.org Coordinator

#10 mac-warez, 11 May 2009, 01:43
Someone should re-write for LightTPD

#11 avsunforum, 22 Jun 2009, 22:36
Oww Thanks