'Copyright'
Collapse
This topic is closed.
X
X
-
The point is if you remove the version number you also remove a (very small) security risk that someone will visit your forum and see that you are running an out of date version and then decide on the off chance to hack you.
It still requires you to keep up to date, but makes it that little bit harder to find what version you are running. Whether or not it makes much of a difference is not really the point. Why have a sign on your front door saying your out for the day when you could just leave the house without anything on it at all.Comment
-
I highly doubt they can just download the .htaccess and .htpasswd file. Especially the latter is a file you don't have to save in the same dir but somewhere outside the public html directory.
Adding .htaccess to your modcp/ and admincp/ and removing the install/ directory is a good additional security layer.Comment
-
You can't download .ht* files in the first place. And even if you could, you can't "decode" password hashes. But please, go ahead and hack those sites if it's so easy.Comment
-
Comment
-
Comment
-
When you go to cpanel you click cancel on the .htaccess one, and then takes you to the login error page which has a login part so you just crack that haha
you view htaccess to find out where .htpsswd is ie it would be like this most of the time
AuthGroupFile /dev/null
AuthName "Admin's Only"
AuthType Basic
AuthUserFile /home/*****/*******/*******/.htpasswd/******/******/.htpasswd
require valid-userComment
widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Comment