vBulletin Mods

The Official vBulletin Modifications Site
https://www.vbulletin.org/forum/showthread.php?t=326573

Securing vBulletin Question
by COOLORANGEFREEZ
14 Jul 2018 06:11

Looking into securing the vBulletin as much as possible and one of the things to do (recommended) was:

1.) Make sure the getadmin.php file is nowhere on the website.

What does this mean, where to find it and what to do to secure this?

Thanks for your knowledge

Dave 14 Jul 2018 15:42

Bit of a vague recommendation but they tell you to make sure that no such file exists in the root of your website. For example if your site is example.com, it should not exist at example.com/getadmin.php.

COOLORANGEFREEZ 14 Jul 2018 23:40

I typed in the front page and the actual forum as well and added /getadmin.php to both and came up with 404 errors. That seems like a good thing.

I didn't do any changes to the getadmin.php though so still not sure that aspect is secure.

I will have to learn about this more.

I'm assuming someone could somehow exploit this and take over the admin control of the forum?

Thanks for your help.

Dave 15 Jul 2018 00:12

Apparently "getadmin.php" is a script to set a specific username to the administrator usergroup. But I think it's very old since it does not exist in the latest vBulletin 3 installation files.

I don't think you have to worry about it.

COOLORANGEFREEZ 15 Jul 2018 04:32

Thanks for that information. I'm moving on to create passwords for directories.

socialteenz 15 Jul 2018 07:33

Quote:

Originally Posted by COOLORANGEFREEZ (Post 2595582)
Thanks for that information. I'm moving on to create passwords for directories.

Only the admincp and modcp should be password protected not all of them.

COOLORANGEFREEZ 16 Jul 2018 15:45

Thanks for that. Will complete in that way.


All times are GMT. The time now is 03:06.

Powered by vBulletin® Version 3.8.12
Copyright © 2018, MH Sub I, LLC dba vBulletin. All Rights Reserved. vBulletin® is a registered trademark of MH Sub I, LLC
Copyright ©2001 - , vbulletin.org. All rights reserved.