Forum Protection [MyBB]
#1
These are just a few tips to make your forum more secure by making your ACP more secure. This gives you a huge advantage against hackers. No plugins necessary!


PIN-protect your ACP login.
- Instead of just a username and password, you also need a PIN or code in order to log in. This helps if your admin account has been compromised.

How to?
On ./admin/inc/class_page.php:

Around line 391:

Change

PHP Code:
<div class="label"{$login_label_width}><label for="password">{$lang->password}</label></div>
<div class="field"><input type="password" name="password" id="password" class="text_input" /></div>

To:

Code:
<div class="label"{$login_label_width}><label for="password">{$lang->password}</label></div>
<div class="field"><input type="password" name="password" id="password" class="text_input" /></div>

<div class="label"{$login_label_width}><label for="pin">Secret PIN</label></div>
<div class="field"><input type="password" name="pin" id="pin" class="text_input" /></div>

In ./admin/index.php

Around line 136:

Change:

Code:
if($user['uid'])
{
    $query = $db->simple_select("users", "*", "uid='".$user['uid']."'");
    $mybb->user = $db->fetch_array($query);
}

To:

Code:
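if($user['uid'])
{
    $query = $db->simple_select("users", "*", "uid='".$user['uid']."'");
    $mybb->user = $db->fetch_array($query);
}

// Compare as strings with !== so numeric-looking values such as "1000" and "1e3" are not treated as equal.
$pin = isset($mybb->input['pin']) ? (string)$mybb->input['pin'] : '';
if (isset($config['acp_pin']) && $pin !== (string)$config['acp_pin']) {
    $default_page->show_login("Invalid PIN","error");
}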

Ok. Then, open ./inc/config.php and add anywhere:

Code:
$config['acp_pin'] = 'yourpin';

The PIN does not have to be a number, it can be anything.


Allow only certain IPs
- This is brilliant. No one but the IPs that you've allowed can access the Admin login, or the admin directory for that matter.

How to?
Go to your Admin directory via FTP. Make a new file called .htaccess

And add this inside it:

Code:
ErrorDocument 403 /error.php
Order Allow,Deny
Allow from xx.xxx.xxx.xx

You can edit /error.php to anything you want the page to redirect to if someone with a non-allowed IP tries to access your ACP.

Change x to your IP. You can check your IP from here. If your IP is changing, like mine is, and you're too lazy to go check your IP all the time and allow it, you can make it allow your IP range. For example:
127.0.0 - see, you don't add the last number there. This uses the range of your IP. Much easier.



Change your Admin directory name
- This is also really important. By default your ACP is "admin". If you keep it that way, hackers will have a huge advantage since they know where your admin directory is.

How to?
Well, first of all, change your ACP directory name using FTP. Preferably to something like "9twgkos3Xf3".

Now go to /inc/config.php and look for:

Code:
$config['admin_dir'] = 'admin';

Now edit the 'admin' part and change it to what you named your ACP directory earlier.

It's too much writing; @Sora can implement it.

It's a basic step to protect the forum.
[-] The following 5 users Like Veynom's post:
  • Exursa , LKD70 , run SPOT run , Sora, Voakie
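Added example (not part of the original post and not MyBB code): a loose `==`/`!=` comparison of the PIN is evaluated numerically by PHP when both sides look like numbers, so a configured PIN of `1000` also accepts `1e3`. The sketch below contrasts that with a check against a `password_hash()` value kept in the config file instead of the plaintext PIN; the function names and the `acp_pin_hash` key are hypothetical, and PHP 5.5 or later is assumed.

```php
<?php
// Added example: not MyBB code. Function names and the 'acp_pin_hash'
// config key are hypothetical.

// Loose comparison: PHP compares two numeric-looking strings as numbers.
function acp_pin_matches_loose($submitted, $configured)
{
    return $submitted == $configured;
}

// Hardened check against a hash produced once with:
//   php -r 'echo password_hash("your pin", PASSWORD_DEFAULT), PHP_EOL;'
// and stored in inc/config.php as $config['acp_pin_hash'] (hypothetical key).
function acp_pin_matches($submitted, $pinHash)
{
    // Reject missing values and arrays (pin[]=...) before verifying.
    if (!is_string($submitted) || $submitted === '') {
        return false;
    }
    // password_verify() does an exact, timing-safe comparison.
    return password_verify($submitted, $pinHash);
}

// Constructed sample data: a numeric PIN and inputs that are not that PIN.
$plainPin = '1000';
$pinHash  = password_hash($plainPin, PASSWORD_DEFAULT);
$inputs   = array('1000', '1e3', ' 1000', '1000.0', '0999', array('1000'), null);

foreach ($inputs as $input) {
    printf(
        "%-10s loose=%-5s hashed=%s\n",
        json_encode($input),
        var_export(acp_pin_matches_loose($input, $plainPin), true),
        var_export(acp_pin_matches($input, $pinHash), true)
    );
}
```

In `admin/index.php` the hardened function would take the place of the direct comparison, and the plaintext `acp_pin` entry would no longer be needed in `config.php`.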