DragonByte Tech | vBulletin Mods & Addons - Powered by vBulletin





DragonByte Tech Proudly Hosted By Hivelocity.net
Custom Fitted Forum Hosting from Hivelocity

Request Support

Have an issue with one of our products? Want to suggest a new feature? Need help with configuration?
Loading...

User Tag List

Results 1 to 7 of 7

Thread: vBSecurity and config.php


Forum: vBSecurity Lite Support

Questions & Answers for vBSecurity.
Click here to buy!

  1. #1
    Junior Member
    Level 0 (0 Loyalty Points)

    Total Downloaded
    0
    Gil
    87 (0 Banked)
    Total Downloaded
    0
    User InfoThanks / Tagging InfoGifts / Achievements / AwardsActivity Stats
    Join Date
    Jan 2013
    Posts
    4
    Points
    87
    Credits
    1
    Rep Power
    0

    Question vBSecurity and config.php

    hi
    is there a way to change the configuration of vbsecurity to look for example.php insted of config.php in Variable Tampering?

    in other words, I changed include/config.php to include/example.php ... and when I install Vbsecurity and configure it

    I received a message " Security Alert: config.php Variable Tampering Detected!" while "config.php" is not the real config file it is a fake.

  2. #2
    Founder
    Level 0 (0 Loyalty Points)
    Belazor's Avatar
    Total Downloaded
    1.57 MB
    Gil
    49,272 (460,361 Banked)
    Total Downloaded
    1.57 MB
    User InfoThanks / Tagging InfoGifts / Achievements / AwardsActivity Stats
    Join Date
    Dec 2009
    Location
    Glasgow, Scotland
    Age
    28
    Posts
    18,770
    Blog Entries
    13
    Points
    49,272
    Credits
    1,886,576
    Rep Power
    10

    Default

    You can change /dbtech/vbsecurity/hooks/global_complete.php to look for your new config.php file instead
    Fillip Hannisdal
    Founder & Programming Director
    DragonByte Technologies http://www.DragonByte-Tech.com


    Please do not Private Message me with support requests or product questions. PMs are only for exchanging sensitive information (like FTP / AdminCP logins).
    Please do not Private Message me with business related queries (refunds, complaints, feedback, etc). Decado is the person to PM for those issues.
    Please do not Private Message Decado with support requests or forum errors.

    When I say "Hotfix Released" it means you should re-download the product and re-upload the files.
    Like our products? Want to be notified on social media networks when we release updates or new products? Click the buttons below to Like us on Facebook, Follow us on Twitter and Follow us on Google+!

  3. #3
    Junior Member
    Level 0 (0 Loyalty Points)

    Total Downloaded
    0
    Gil
    87 (0 Banked)
    Total Downloaded
    0
    User InfoThanks / Tagging InfoGifts / Achievements / AwardsActivity Stats
    Join Date
    Jan 2013
    Posts
    4
    Points
    87
    Credits
    1
    Rep Power
    0

    Default

    Quote Originally Posted by Belazor View Post
    You can change /dbtech/vbsecurity/hooks/global_complete.php to look for your new config.php file instead
    Thanks I fix it

    What about the
    /admincp
    /modcp

    I changed the also

  4. #4
    Founder
    Level 0 (0 Loyalty Points)
    Belazor's Avatar
    Total Downloaded
    1.57 MB
    Gil
    49,272 (460,361 Banked)
    Total Downloaded
    1.57 MB
    User InfoThanks / Tagging InfoGifts / Achievements / AwardsActivity Stats
    Join Date
    Dec 2009
    Location
    Glasgow, Scotland
    Age
    28
    Posts
    18,770
    Blog Entries
    13
    Points
    49,272
    Credits
    1,886,576
    Rep Power
    10

    Default

    vBSecurity is already compliant with those changes, as it fetches the new "admincpdir" and "modcpdir" from config.php.

    If you've found cases where this is not true, please let me know and I will fix it A.S.A.P.
    Fillip Hannisdal
    Founder & Programming Director
    DragonByte Technologies http://www.DragonByte-Tech.com


    Please do not Private Message me with support requests or product questions. PMs are only for exchanging sensitive information (like FTP / AdminCP logins).
    Please do not Private Message me with business related queries (refunds, complaints, feedback, etc). Decado is the person to PM for those issues.
    Please do not Private Message Decado with support requests or forum errors.

    When I say "Hotfix Released" it means you should re-download the product and re-upload the files.
    Like our products? Want to be notified on social media networks when we release updates or new products? Click the buttons below to Like us on Facebook, Follow us on Twitter and Follow us on Google+!

  5. #5
    Junior Member
    Level 0 (0 Loyalty Points)

    Total Downloaded
    0
    Gil
    87 (0 Banked)
    Total Downloaded
    0
    User InfoThanks / Tagging InfoGifts / Achievements / AwardsActivity Stats
    Join Date
    Jan 2013
    Posts
    4
    Points
    87
    Credits
    1
    Rep Power
    0

    Default

    Thank You

    You Made My day

  6. #6
    Junior Member
    Level 0 (0 Loyalty Points)

    Total Downloaded
    0
    Gil
    87 (0 Banked)
    Total Downloaded
    0
    User InfoThanks / Tagging InfoGifts / Achievements / AwardsActivity Stats
    Join Date
    Jan 2013
    Posts
    4
    Points
    87
    Credits
    1
    Rep Power
    0

    Default

    Got this message !

    Greetings,

    vBSecurity has detected a security alert regarding config.php Variable Tampering:
    $vbulletin->config['Misc']['admincpdir'] changed from 'examplecp' to 'http://www.*****.com/vb/examplecp'
    $vbulletin->config['Misc']['modcpdir'] changed from 'example2cp' to 'http://www.*****.com/vb/example2cp'
    $vbulletin->config['Misc']['admincpdir'] changed from 'examplecp' to ''http://www.*****.com/vb/examplecp'
    $vbulletin->config['Misc']['modcpdir'] changed from 'example2cp' to 'http://www.*****.com/vb/example2cp'

    The actions you have configured in the Security Center have been taken.
    Any idea please ?

  7. #7
    Founder
    Level 0 (0 Loyalty Points)
    Belazor's Avatar
    Total Downloaded
    1.57 MB
    Gil
    49,272 (460,361 Banked)
    Total Downloaded
    1.57 MB
    User InfoThanks / Tagging InfoGifts / Achievements / AwardsActivity Stats
    Join Date
    Dec 2009
    Location
    Glasgow, Scotland
    Age
    28
    Posts
    18,770
    Blog Entries
    13
    Points
    49,272
    Credits
    1,886,576
    Rep Power
    10

    Default

    Somewhere along the line, one of your other installed mods alter the variable. vBSecurity is correct to report it

    Most likely it's vBAdvanced or some other mod that runs its files outside the normal confines of vBulletin, so they update the variable in order to make it work with less effort.

    I'd recommend disabling all other addons, resetting the watchers, and then seeing if the message still appears.
    Fillip Hannisdal
    Founder & Programming Director
    DragonByte Technologies http://www.DragonByte-Tech.com


    Please do not Private Message me with support requests or product questions. PMs are only for exchanging sensitive information (like FTP / AdminCP logins).
    Please do not Private Message me with business related queries (refunds, complaints, feedback, etc). Decado is the person to PM for those issues.
    Please do not Private Message Decado with support requests or forum errors.

    When I say "Hotfix Released" it means you should re-download the product and re-upload the files.
    Like our products? Want to be notified on social media networks when we release updates or new products? Click the buttons below to Like us on Facebook, Follow us on Twitter and Follow us on Google+!

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. PHP error on E-commerce part of site and download issue
    By RigelBetelguise in forum Site Support
    Replies: 3
    Last Post: 6th January 2013, 15:44
  2. [vB 4.1.x] False alerts involving config.php file
    By Iggy in forum vBSecurity Lite Support
    Replies: 4
    Last Post: 5th January 2012, 15:44
  3. [vB 4.1.x] credits.php has a very slow query and lags whole forum.
    By ENZO-F in forum vBCredits II Deluxe Lite Support
    Replies: 6
    Last Post: 7th June 2011, 20:12
  4. [vB 4.0.x] Errors on latest 1.1 version during import and category config
    By mistafro in forum vBDownloads Lite Support
    Replies: 14
    Last Post: 4th November 2010, 14:14

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •