Protecting your MyBB Admin Panel
This is taken directly from the MyBB board. I thought it would help for those needing a fast reference here as well. It's a good step-by-step to help you protect your admin panel from attack.
The original link is here if anyone wants to see the whole thread and another link with even more safe admining suggestions.
Additional link: http://community.mybboard.net/thread-44977.html
http://community.mybboard.net/thread-9991.html <-- original post
(06-23-2006 09:16 AM) Peter Wrote: While the flow of MyBB exploits has gotten significantly smaller lately, there are still boards that are vulnerable to the latest exploits. Even though we provide patches for every exploit, new exploits are still being found. To counter the misuse of MyBB vulnerabilities, the MyBB group encourages all MyBB users to change the URL of the admin control panel. By default, this is /admin, but with some small and easy adjustments, this directory can be changed to a different directory, which is very hard for hackers to find and therefore gain access to.
Change the admin control panel directory
There are a few steps that you will need to take before the directory is successfully changed. To follow these instructions, you will need a text editor and an FTP client (such as SmartFTP).
Step 1
Using an FTP client, download [mybbroot]/inc/config.php from your server, whereby [mybbroot] is the folder you have installed MyBB in. Then, open that file using any text editor (Notepad will do just fine if you do not have a professional code editor installed).
Step 2
In the file you just opened, look for the following code:
PHP Code: [code block hidden on the source page; visible only to registered members]
Then, replace it with this:
PHP Code: [code block hidden on the source page; visible only to registered members]
Whereby you do not enter "newdir", but a custom directory of your own. Try to make the new directory name include both letters and numbers (for example "no629" is a great name), for maximum safety. Now, save the file.
Step 3
Using your FTP client, upload the file to the location where it came from ([mybbroot]/inc/). Make sure to choose "overwrite", so the old file gets overwritten with the new configuration. When that is done, MyBB will have automatically changed all links to the admin panel for you, but it has not changed the actual directory yet.
Step 4
Still in your FTP client, change the directory of the "admin" folder to the name you just specified in the file. Depending on your FTP client, you can either right-click the directory and select "change name" or do this via the client menu.
Step 5
Once you have completed all previous steps, go to your MyBB installation. Click the "admin panel" link on the main page and see if it still loads correctly. If it does, you have successfully changed your admin panel directory. You can check this by looking in the address bar of the browser, where the new directory will be displayed.
Upgrade to latest MyBB version
If you have not yet upgraded all of your boards to the latest MyBB version, please do so as soon as possible. You can always obtain the latest MyBB version from the MyBB website. You are encouraged to watch the MyBB community board for announcements about patches and new versions as well. Full patching instructions will be provided in announcements.
Remove the version number from the ACP
Some hackers search the internet for MyBB boards of a specific version number. If you remove the version number from the ACP, your board is less likely to be found by a hacker. This does not, however, make your board immune to hacking! To switch off the version number in the ACP, log in to the ACP, go to Board Settings -> Change -> General Configuration. Set "Show Version Numbers" to "Off" and the version number will no longer be displayed.
Reminder: back-up your database regularly
In the unlucky case that a hacker does find a way to exploit your MyBB and removes and/or changes valuable data, it is best to have a database back-up ready, to restore as many of the board's threads, posts and other data as you can.
Minor edit from MattR.
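An added example, not part of the original post or of MyBB itself: a Python check that steps 1 to 5 above left the board consistent (the configured name matches a real folder, no leftover `admin/` folder, and the name mixes letters and numbers). It assumes the setting is a `$config['admin_dir']` assignment as in current MyBB releases, since the post's code block is not visible here; `audit_admin_dir` and `build_sample_board` are hypothetical names and the sample boards are constructed.

```python
import re
import tempfile
from pathlib import Path

# Assumption: the setting is a $config['admin_dir'] = '...'; line in inc/config.php.
# The pattern also accepts an 'admindir' spelling; adjust it if your version differs.
ADMIN_DIR_RE = re.compile(
    r"""^\s*\$config\[['"]admin_?dir['"]\]\s*=\s*['"]([^'"]*)['"]\s*;""", re.M)


def audit_admin_dir(mybb_root):
    """Return a list of problems with the renamed admin directory (empty = OK)."""
    root = Path(mybb_root)
    config_text = (root / "inc" / "config.php").read_text(errors="replace")
    match = ADMIN_DIR_RE.search(config_text)
    if not match:
        return ["no admin directory setting found in inc/config.php"]
    name = match.group(1).strip("/")
    problems = []
    if name.lower() == "admin":
        problems.append("config.php still points at the default 'admin' directory")
    elif not (re.search(r"[A-Za-z]", name) and re.search(r"\d", name)):
        problems.append(f"'{name}' does not mix letters and numbers")
    if not name or not (root / name).is_dir():
        problems.append(f"'{name}/' is missing on disk: step 4 (rename) not done")
    if name.lower() != "admin" and (root / "admin").is_dir():
        problems.append("a stale 'admin/' directory is still present")
    return problems


def build_sample_board(parent, configured, on_disk):
    """Constructed sample layout: inc/config.php plus one admin folder."""
    root = Path(parent) / f"board_{configured}_{on_disk}"
    (root / "inc").mkdir(parents=True)
    (root / on_disk).mkdir()
    (root / "inc" / "config.php").write_text(
        f"<?php\n$config['admin_dir'] = '{configured}';\n")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        cases = [("no629", "no629"), ("no629", "admin"), ("admin", "admin")]
        for configured, on_disk in cases:
            board = build_sample_board(tmp, configured, on_disk)
            print(configured, on_disk, audit_admin_dir(board) or "OK")
```

Run against a local copy of the board (for example, one downloaded over FTP) by calling `audit_admin_dir` with the MyBB root path.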