Ravens PHP Scripts: Forums
 

 

montego
Site Admin


Joined: Aug 29, 2004
Posts: 9449
Location: Arizona

Posted: Wed Aug 23, 2006 9:29 pm

Quote:

I mean, the instructions said to change the location of the real config and then put another config in its place pointing to where it actually is.

Where does the Raven-supplied HowToInstall manual tell you to move your config.php file? We do not believe that to be much of a help. If someone can get into your site that far to view that script, they can probably do far more damage than hiding your config.php script will do. Just leave it in the root.

Yes, do not upgrade your BBtoNuke (phpBB) as yet, as there are still concerns lurking out there that it has issues (until someone tells me otherwise). However, you will want to upgrade NukeSentinel to at least 2.4.2 pl9 or better and do this to protect your forum admins:
Only registered users can see links on this board! Get registered or login!

bugsTHoR
Involved
Involved


Joined: Apr 05, 2006
Posts: 261

Posted: Thu Aug 24, 2006 12:39 pm

robots.txt

Like I have here; add any folder you want to stop showing up:

User-agent: *
Disallow: /abuse/
Disallow: /admin/
Disallow: /blocks/
Disallow: /cgi-bin/
Disallow: /db/
Disallow: /images/
Disallow: /includes/
Disallow: /language/
Disallow: /modules/
Disallow: /themes/
Disallow: /admin.php
Disallow: /config.php
Disallow: /downloads/

Or use your .htaccess. I'm sure someone with more idea how that works will let you / me know ;)

Guardian2003
Site Admin


Joined: Aug 28, 2003
Posts: 6792
Location: Ha Noi, Viet Nam

Posted: Thu Aug 24, 2006 2:12 pm

Are you sure you didn't read something about changing the location of the admin.php file and not the config.php file?
Anyway, leave everything where it is, that's where mine are and I have not been hacked yet after all these years ;)

Ignore the forum update for now, there is nothing in it that is critical.
Enjoy using your site for a while :)
 
montego
Posted: Fri Aug 25, 2006 6:29 am

bugsTHoR, that only affects search engines and only those which "behave". You can use .htaccess, but in reality, what that protects is access from the web, such as from the browser, and NOT from a direct read. Even if you accessed your config.php script from your browser, it wouldn't show you anything, so using .htaccess is a moot point here.
 
Guardian2003
Posted: Sat Aug 26, 2006 12:25 am

Sorry M, looks like I took so long to post you both posted before I hit send.
 
gregexp
The Mouse Is Extension Of Arm


Joined: Feb 21, 2006
Posts: 1497
Location: In front of a screen....HELP! lol

Posted: Sat Aug 26, 2006 6:54 am

If it's OK that I jump in here:
A lot of problems have arisen on my test site for phpBB 2.0.21.

I wouldn't suggest it.

As for your dummy config.php

The contents should be:

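<?php
// Redirect anyone requesting this file directly in the browser.
if (stristr($_SERVER['SCRIPT_NAME'], "config.php")) {
    header("Location: index.php");
    die();
}
// Load the real settings from the mysite/ folder.
include("mysite/config.php");
?>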

You will need to make a folder called mysite but you can edit that to whatever folder name you would like.
Also, leave the if statement, that will stop them from accessing the file directly, only the browser not any script.

montego
Posted: Sat Aug 26, 2006 6:59 am

darklord, this is an innovative approach. Can't see why it would not work. However, I could suggest actually placing the config.php file outside the web root -- i.e., "up" a level rather than "down". This way, there is no way a web client can access it directly... ever.
 
gregexp
Posted: Sat Aug 26, 2006 7:08 am

True, but this approach is not my own; this is a script from secure admin a while back, and used on my site personally. To make that happen a simple code change would do it:

If your site is at root level:
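<?php
// Redirect anyone requesting this file directly in the browser.
if (stristr($_SERVER['SCRIPT_NAME'], "config.php")) {
    header("Location: index.php");
    die();
}
// Real config.php sits one level above this file.
include("../config.php");
?>

If your site is below root level:

<?php
// Redirect anyone requesting this file directly in the browser.
if (stristr($_SERVER['SCRIPT_NAME'], "config.php")) {
    header("Location: index.php");
    die();
}
// Real config.php sits two levels above this file.
include("../../config.php");
?>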
 
evaders99
Former Moderator in Good Standing


Joined: Apr 30, 2004
Posts: 3221

Posted: Mon Aug 28, 2006 11:14 am

Note that this may stop the forums admin panel from working. You will need code to address the relative paths - or quicker use the full path

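The relative-path problem raised in the last post, handled with a full path built from the stub's own location (an added example, not code posted in this thread or shipped with RavenNuke). It assumes the real file was moved to a hypothetical `private` directory one level above the web root. PHP resolves `../config.php` against the directory of the script that is running, not the file containing the `include`, which is why a stub with a relative path fails when it is pulled in from a script in a subdirectory.

```php
<?php
// Added example: stub config.php left in the web root.
// Assumption: the real settings live in ../private/config.php, outside the
// web root. The directory name "private" is hypothetical.

// Direct-request guard. __FILE__ is this stub's resolved absolute path, so the
// comparison is true only when the stub itself is the requested script, and a
// different script that merely has "config.php" in its name is not redirected.
if (isset($_SERVER['SCRIPT_FILENAME'])
    && realpath($_SERVER['SCRIPT_FILENAME']) === __FILE__) {
    header('Location: index.php');
    exit;
}

// Full path derived from where this stub is stored. It does not depend on the
// working directory, so it resolves the same way whether the stub is included
// from index.php in the root or from a script several folders down.
$stubRealConfig = dirname(dirname(__FILE__)) . '/private/config.php';

// Fail closed with a generic message if the file is missing or unreadable,
// and log the detail server-side instead of showing a path to the visitor.
if (!is_readable($stubRealConfig)) {
    error_log('config stub: cannot read ' . $stubRealConfig);
    header('HTTP/1.1 500 Internal Server Error');
    exit('Site configuration unavailable.');
}

// require runs in the caller's scope, so the variables the real config
// defines end up exactly where the including script expects them.
require $stubRealConfig;
unset($stubRealConfig);
```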
All times are GMT - 6 Hours
 