Register Members List Search Today's Posts Mark Forums Read

Reply
 
Thread Tools
  #1  
Old 14 Jul 2018, 06:11
COOLORANGEFREEZ COOLORANGEFREEZ is offline
 
Join Date: Jul 2009
Securing vBulletin Question

Looking into securing the vBulletin as much as possible and one of the things to do (recommended) was:

1.) Make sure the getadmin.php file is nowhere on the website.

What does this mean, where to find it and what to do to secure this?

Thanks for your knowledge
Reply With Quote
  #2  
Old 14 Jul 2018, 15:42
Dave Dave is offline
 
Join Date: Jun 2010
Real name: Dave
Bit of a vague recommendation but they tell you to make sure that no such file exists in the root of your website. For example if your site is example.com, it should not exist at example.com/getadmin.php.
__________________
https://technidev.com - security, development, exploits, vBulletin
dave[at]technidev[dot]com

Contact me for custom vBulletin 3/4 work & server/website management.
Reply With Quote
  #3  
Old 14 Jul 2018, 23:40
COOLORANGEFREEZ COOLORANGEFREEZ is offline
 
Join Date: Jul 2009
I typed in the front page and the actual forum as well and added /getadmin.php to both and came up with 404 errors. That seems like a good thing.

I didn't do any changes to the getadmin.php though so still not sure that aspect is secure.

I will have to learn about this more.

I'm assuming someone could somehow exploit this and take over the admin control of the forum?

Thanks for your help.
Reply With Quote
  #4  
Old 15 Jul 2018, 00:12
Dave Dave is offline
 
Join Date: Jun 2010
Real name: Dave
Apparently "getadmin.php" is a script to set a specific username to the administrator usergroup. But I think it's very old since it does not exist in the latest vBulletin 3 installation files.

I don't think you have to worry about it.
__________________
https://technidev.com - security, development, exploits, vBulletin
dave[at]technidev[dot]com

Contact me for custom vBulletin 3/4 work & server/website management.
Reply With Quote
  #5  
Old 15 Jul 2018, 04:32
COOLORANGEFREEZ COOLORANGEFREEZ is offline
 
Join Date: Jul 2009
Thanks for that information. I'm moving on to create passwords for directories.
Reply With Quote
  #6  
Old 15 Jul 2018, 07:33
socialteenz's Avatar
socialteenz socialteenz is offline
 
Join Date: May 2011
Real name: Arun
Originally Posted by COOLORANGEFREEZ View Post
Thanks for that information. I'm moving on to create passwords for directories.
Only the admincp and modcp should be password protected not all of them.
__________________
Reply With Quote
  #7  
Old 16 Jul 2018, 15:45
COOLORANGEFREEZ COOLORANGEFREEZ is offline
 
Join Date: Jul 2009
Thanks for that. Will complete in that way.
Reply With Quote
Reply



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


New To Site? Need Help?

All times are GMT. The time now is 07:23.

Layout Options | Width: Wide Color: