How-To: Protect your control panels with .htaccess

  • Chris-777
    Senior Member
    • Jan 2006
    • 314
    • 5.6.4

    I haven't seen this completely explained, so here's a how-to.

    vBulletin has been out long enough that a lot of non-admins are aware of the general directory structure. The first thing anyone with some less-than-honorable intentions is going to try when attempting to disrupt your site is to try the usual paths. For example, yourdomain.tld/forum/admincp, yourdomain.tld/forum/modcp, etc.

    If you're using this structure, and I assume a lot of you are, here's how to nail down the includes/install/admincp/modcp folders a bit better. This how-to assumes you have shell access as root.

    Test this on a temporary/test folder before applying it to any of your actual forum folders!

    1. Go into /etc/httpd
    2. Type htpasswd -c /etc/httpd/users username
    3. Put in a password

    Substitute username with the user you want to log in as.
    Repeat as necessary for each user you want to access the panel; just drop the -c, since you don't need to create the file anymore. Example:

    htpasswd /etc/httpd/users modusername1
    htpasswd /etc/httpd/users modusername2

    4. Navigate to the folder you want to protect. For example, /var/httpd/yourdomain.tld/httpdocs/forum/admincp
    5. Make a new file called .htaccess
    6. Put this in it:

    Code:
    AuthName "Restricted Area"
    AuthType Basic
    AuthUserFile /etc/httpd/users
    require valid-user

    Then try going to yourdomain.tld/forum/admincp (or whatever your path is) and you should get an authentication box. Authenticate, and you should be brought to the normal vBulletin control panel login screen.

    Notes:
    - AuthName is just the text displayed in the box; it can be whatever you like.
    - Easiest way to create these server side is to use vi. If you aren't familiar with it, copy the .htaccess contents to the buffer from a text editor like Notepad.

    1. cd /var/httpd/yourdomain.tld/httpdocs/forum/admincp (use your path here, obviously)
    2. vi .htaccess
    3. Hit i (insert mode)
    4. Right click on the window, edit, paste.
    5. Hit escape to exit insert mode
    6. Hit :wq

    Colon is how you input commands in vi (basically tells it to listen), w for write, q for quit immediately. If you make a mistake and need to start over, hit escape, then :q! (quit-discard-changes).

    And there you have it. Again, make a subfolder called "testing" to try this out on before using it on your control panel. If for any reason this doesn't work for you, simply remove the .htaccess file from the folder.
    http://www.metalmusicians.org
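
Added example, not part of the original post: a shell check that a directory's .htaccess carries the four directives from the how-to and that its AuthUserFile is an absolute path outside the document root, as /etc/httpd/users is in the post. The names check_htaccess and write_htaccess and the temp-dir sample tree are assumptions constructed for this example.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): verify a directory's .htaccess
# matches the how-to. Usage: check_htaccess DIR DOCROOT
check_htaccess() {
    local dir="$1" docroot="${2%/}" fail=0 userfile
    local file="$dir/.htaccess"
    [ -f "$file" ] || { echo "FAIL: $file not found"; return 1; }
    # Apache directive names are case-insensitive, so match with -i.
    grep -Eiq '^[[:space:]]*AuthType[[:space:]]+Basic' "$file" ||
        { echo "FAIL: no 'AuthType Basic'"; fail=1; }
    grep -Eiq '^[[:space:]]*AuthName[[:space:]]+[^[:space:]]' "$file" ||
        { echo "FAIL: no AuthName"; fail=1; }
    grep -Eiq '^[[:space:]]*Require[[:space:]]+valid-user' "$file" ||
        { echo "FAIL: no 'Require valid-user'"; fail=1; }
    # First AuthUserFile value (paths containing spaces are not handled).
    userfile=$(awk 'tolower($1) == "authuserfile" { gsub(/"/, "", $2); print $2; exit }' "$file")
    case "$userfile" in
        "")           echo "FAIL: no AuthUserFile"; fail=1 ;;
        "$docroot"/*) echo "FAIL: $userfile is under the document root"; fail=1 ;;
        /*)           [ -s "$userfile" ] ||
                          { echo "FAIL: $userfile is missing or empty"; fail=1; } ;;
        *)            echo "FAIL: AuthUserFile should be an absolute path"; fail=1 ;;
    esac
    [ "$fail" -eq 0 ] && echo "OK: $dir"
    return "$fail"
}

# Constructed demo tree in a temp dir; every name below is a sample value.
demo=$(mktemp -d)
mkdir -p "$demo/httpdocs/forum/testing" "$demo/httpdocs/forum/bad" "$demo/etc"
echo 'modusername1:constructed-placeholder-hash' > "$demo/etc/users"
cp "$demo/etc/users" "$demo/httpdocs/forum/bad/users"
write_htaccess() {   # $1 = target dir, $2 = AuthUserFile path
    printf '%s\n' 'AuthName "Restricted Area"' 'AuthType Basic' \
        "AuthUserFile $2" 'require valid-user' > "$1/.htaccess"
}
write_htaccess "$demo/httpdocs/forum/testing" "$demo/etc/users"
write_htaccess "$demo/httpdocs/forum/bad" "$demo/httpdocs/forum/bad/users"
check_htaccess "$demo/httpdocs/forum/testing" "$demo/httpdocs" || true
check_htaccess "$demo/httpdocs/forum/bad" "$demo/httpdocs" || true
```

Basic authentication sends the username and password base64-encoded on every request, so serve the protected folders over HTTPS. If no authentication box appears, check that the server's AllowOverride for that directory permits AuthConfig.
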
  • Colin F
    Senior Member
    • May 2004
    • 17689

    #2
    Addition:
    Most hosting control panels, like cPanel or Plesk, allow setting up .htaccess password protection through some kind of web interface, which is probably easier for novice users.
    Best Regards
    Colin Frei

    Please don't contact me per PM.
