[Tutorial] Nine Methods to Protect Your MyBB Forums

[rafaelgaluh]

Here I will share some simple tips on how to safeguard our MyBB forum, basically MyBB is already very safe. Each code was written with a net, but here I'll give tips for MyBB us MORE safe again. But before I begin, I want to emphasize that NOTHING IS 100% SAFE ON THE INTERNET. So if you say you've been following my tips but still got hack too, it's not necessarily my fault, but maybe just a mistake or maybe your own hoster. Because of security itself is relative.

Keep Your Passwords Strong!
The number 1 cause of hacking attempts going well is bad passwords on the administrator's behalf. It is not hard to make a good password. If you are that lazy, I will generate one for you!

In fact, since a phishing attempt has been made on my account at Digital Point, I keep all of my passwords for important accounts (like PayPal) so complicated that even I don't know them! I actually have to take out a slip of paper and type it in every single time I want to log in. That's how important it is.

Your passwords should be cryptic, contain uppercase and lowercase letters, numbers, and symbols. It should also be at least 16 characters, maybe more. In fact, according to Blogussion, a simple ten character password can take up to 580 million years to decode! Now isn't that the kind of protection you would want?

Deny External Access to the Config File
Sometimes, plain old permissions isn't enough. This is an .htaccess method that will give anybody who tries to access the config file a 403 error. Your MyBB Forums will still be able to run normally, however. This will protect it from external access only.

Create an .htaccess file in your 'inc' directory, and add the following code:

Quote:# Protect the config.php file
<files config.php>
Order deny,allow
deny from all
</files>

Protect the admin page using htaccess
In part this may be followed or not because at risk. We will make the rules in. Htaccess to allow only certain IP can access the admin page. This is probably a very steady way to protect the admin pages, but remember ... could have been any time you can not get online on your own computer for example, online using your friends computer, but I will share. Okay, make it. Htaccess file in the directory. / Admin, then insert the following code

Quote: RewriteEngine On
RewriteBase /
RewriteCond% {REMOTE_HOST} ^ 12 \ .345 \ .678 \ .9
RewriteRule .* http://www.google.com [R = 301, L]

ip 12 \ .345 \ .678 \ .9 can be replaced with your ip, and if different ip with being entered will be automatically redirected to http://www.google.com

Rename Your Admin Directory
Everyone on the support forums just can't stress this enough! It is very important that you rename your admin directory. How does somebody hack an admin area if they do not know where the files are located? It's very simple, actually.

To do this, enter your web host's control panel and go to the File Manager. Alternatively, you can use an FTP program like FileZilla. Find the directory called 'admin', and simply rename it to something else (it is suggested to rename it to something cryptic, like 87y2ut).

Then, find the config.php file in the 'inc' directory. Look for the following code:

Quote: * Admin CP directory
* For security reasons, it is recommended you
* rename your Admin CP directory. You then need
* to adjust the value below to point to the
* new directory.
*/

$config['admin_dir'] = 'admin

Hide the link Admin Control Panel (ACP)
By default MyBB will display a link to the admin page. Usually located at the top of the forum, the link "ACP". Well, it helps us also to hide this link. So if for example there who made ​​it into our admin account, he still could not find its admin page. The way is as follows: Open the file / inc / config.php and find the line:

Quote:$config['hide_admin_links'] = 0;

and change 0 to 1

Quote:$config['hide_admin_links'] = 1;

then save it
Turn off HTML in posts
You know HTML Injection? know ... well, by default MyBB was then filter the HTML code in the post, but it helps us to "convince" again in order MyBB will never allow the HTML into the post, or in other words MyBB should filter down well every HTML code that the input by the member / user. How?, OK to open PhpMyAdmin then run the following query:

Quote: UPDATE `mybb_forums` SET `allowhtml` = '0';

After that, go to ACP> Tools & Maintenance> Cache Manager> forums> Rebuild Cache. Yup, MyBB is not going to bother with HTML in user input.

Hide MyBB version
Inform our forum version is tantamount to saying "hackers, this version of my forum. Search for bugs there ... haha, we must hide the version of our forums., Go to ACP> Configuration> General Configuration> Show Version Numbers> Off. completed

Make sure you use the latest version of MyBB.
Come on ... do not be lazy to upgrade your forum. I have explained it. If MyBB released a new version of its CMS, can be sure there are bugs that have been found in its version before. And of course you MUST to upgrade it! how can you look at the MyBB Wiki

Do not use too many plugins!.
I do not forbid you to use the plugin, you just want to legitimately use any plugins that you think cool. But remember, the plugin develop by a third party! not by the official developers MyBB. Bug can be found on the plugin are you using now! therefore, make sure the plugin you're using it secure and clean from all sorts of bugs. 1-4 plugins is enough, it was important that the taste alone. As anti-spam for instance. The more complex a plugin, the greater the likelihood also contains bugs!

sorry I do not speak english fluently
if there is a mistake to write please let me know

[Exception]

Good Instructions. Yeah, MyBB is already very safe but still It's good to have these.