|
How-To Put an extra level of password protection on your control panel.
by
20 Jan 2006
I haven't seen this completely explained, so here's a how-to. vBulletin has been out long enough where a lot of non-admins are aware of the general directory structure. The first thing anyone with some less-than-honorable intentions is going to try when attempting to disrupt your site is to try the usual paths. Example, yourdomain.tld/forum/admincp, yourdomain.tld/forum/modcp, etc. If you're using this structure, and I assume a lot of you are, here's how to nail down the includes/install/admincp/modcp folders a bit better. This how-to assumes you have shell access as root. Test this on a temporary/test folder before applying it to any of your actual forum folders! 1. Go into /etc/httpd 2. Type htpasswd -c /etc/httpd/users username 3. Put in a password Substitute username with the user you want to log in as. Repeat as necessary for each user you want to access the panel, just drop the -c since you don't need to create the file anymore. Example: htpasswd /etc/httpd/users modusername1 htpasswd /etc/httpd/users modusername2 4. Navigate to the folder you want to protect. For example, /var/httpd/yourdomain.tld/httpdocs/forum/admincp 5. Make a new file called .htaccess 6. Put this in it: Code:
AuthName "Restricted Area" AuthType Basic AuthUserFile /etc/httpd/users require valid-user Notes: - Authname is just the text displayed in the box, it can be whatever you like. - Easiest way to create these server side is to use vi. If you aren't familiar with it, copy the .htaccess contents to the buffer from a text editor like notepad. 1. cd /var/httpd/yourdomain.tld/httpdocs/forum/admincp (use your path here, obviously) 2. vi .htpasswd 3. Hit i (insert mode) 4. Right click on the window, edit, paste. 5. Hit escape to exit insert mode 6. Hit :wq Colon is how you input commands in vi (basically tells it to listen), w for write, q for quit immediately. If you make a mistake and need to start over, hit escape, then :q! (quit-discard-changes). And there you have it. Again, make a subfolder called "testing" to try this out on before using it on your control panel. If for any reason this doesn't work for you, simply remove the .htaccess file from the folder. |
Similar Mods
| Administrative and Maintenance Tools Members Online in Admin Control Panel and Mod Control Panel | vBulletin 3.6 Add-ons |