HOWTO: Secure your vBulletin sensitive data
Article: Administration Articles, by vB.Org Poster, 10 Jul 2018, 19:35

vBulletin is a very secure web application, except for the fact that it has the database, user name and password included in a readable text file.
There is a very simple way to correct this issue.
Basically, you grab the sensitive information and you move it outside the public area.

Secured vBulletin config.php file
Let's presume your server has the following structure:

[Code block locked: you must register or log in. Banned, unregistered or pending-approval users cannot access code.]

Start by opening your config.php file:

[Code block locked: you must register or log in. Banned, unregistered or pending-approval users cannot access code.]

Paste inside the PHP EOF key (?>). It probably got deleted by accident in one of the SVN branches. It should look like this:

[Code block locked: you must register or log in. Banned, unregistered or pending-approval users cannot access code.]

Now, run these commands:

[Code block locked: you must register or log in. Banned, unregistered or pending-approval users cannot access code.]

I really hope you use nginx or lighttpd as your web server, not Crapache, the resource hog that eats memory like an elephant. Large sites like YouTube, Sourceforge, Alexa, etc. use it; you should also.

Secured MySQL vBulletin user
Start by creating a new database user:

[Code block locked: you must register or log in. Banned, unregistered or pending-approval users cannot access code.]

Note: Did you know that you can paste a password into your telnet window?
No need to memorize them... so you can use very complex passwords in your Linux configuration.

The privileges listed above are the only ones vBulletin needs for any operation, including upgrades.
Make sure you have only the users you need and use in your MySQL database.
Hosts or users defined as "" are dangerous because they open the door to security issues.
The MySQL site explains very well how to secure your user accounts.

Also, I strongly suggest you use at least 85 bits for the quality of your server passwords.
A very good tool to generate your passwords and keep them all grouped together is KeePass.
It will store all your important passwords very securely. The beauty of this program is the fact that you can keep it on your USB flash drive and travel with it everywhere. Plus, it is free and works on Windows, Linux and MacOS.
I use it all the time to generate very strong passwords for all my server configurations.

Shared Accounts
If you are on a shared account, get a server. vBulletin was not meant to run on a shared account. Once your forums are getting a little popular, the site will die on you constantly.

That's all, enjoy your secured config.php file as well as the secured MySQL user.
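A check for the end state the article describes, with the credentials file outside the public area and not readable by every local account, as an added example that is not part of the original post or of vBulletin itself. The function names and return codes are assumptions made for this sketch; both paths are supplied by the caller.

```shell
#!/bin/sh
# Added example: audit where a credentials file lives relative to the
# web root. Nothing here is vBulletin-specific; paths come from the caller.

# Print the physical (symlink-free) path of a directory.
phys_dir() {
    (cd "$1" 2>/dev/null && pwd -P)
}

# check_secret_location DOCROOT SECRET_FILE
# Returns 0 if the location is acceptable,
#         1 if the file sits inside the web root,
#         2 if the file is readable by "other",
#         3 if the file is missing, a symlink, or a path cannot be resolved.
check_secret_location() {
    docroot=$(phys_dir "$1") || return 3
    secret=$2
    # A symlink could point back into the public area, so refuse it.
    [ -f "$secret" ] && [ ! -L "$secret" ] || return 3
    secret_dir=$(phys_dir "$(dirname "$secret")") || return 3
    # The trailing slash stops /srv/www from matching /srv/www-old.
    case "$secret_dir/" in
        "$docroot"/*) return 1 ;;
    esac
    # World-readable means any local account can read the DB password.
    if [ -n "$(find "$secret" -prune -perm -0004 -print)" ]; then
        return 2
    fi
    return 0
}
```

Run it as `check_secret_location /path/to/public /path/to/credentials.php; echo $?` after moving the file, and again after any deployment that rewrites permissions.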