Status
Not open for further replies.

AAMT

New member
hi
is there a way to change the configuration of vbsecurity to look for example.php insted of config.php in Variable Tampering?

in other words, I changed include/config.php to include/example.php ... and when I install Vbsecurity and configure it

I received a message " Security Alert: config.php Variable Tampering Detected!" while "config.php" is not the real config file it is a fake.
 
You can change /dbtech/vbsecurity/hooks/global_complete.php to look for your new config.php file instead :)
 
vBSecurity is already compliant with those changes, as it fetches the new "admincpdir" and "modcpdir" from config.php.

If you've found cases where this is not true, please let me know and I will fix it A.S.A.P. :)
 
Got this message !

Greetings,

vBSecurity has detected a security alert regarding config.php Variable Tampering:
$vbulletin->config['Misc']['admincpdir'] changed from 'examplecp' to 'http://www.*****.com/vb/examplecp'
$vbulletin->config['Misc']['modcpdir'] changed from 'example2cp' to 'http://www.*****.com/vb/example2cp'
$vbulletin->config['Misc']['admincpdir'] changed from 'examplecp' to ''http://www.*****.com/vb/examplecp'
$vbulletin->config['Misc']['modcpdir'] changed from 'example2cp' to 'http://www.*****.com/vb/example2cp'

The actions you have configured in the Security Center have been taken.

Any idea please ?
 
Somewhere along the line, one of your other installed mods alter the variable. vBSecurity is correct to report it :)

Most likely it's vBAdvanced or some other mod that runs its files outside the normal confines of vBulletin, so they update the variable in order to make it work with less effort.

I'd recommend disabling all other addons, resetting the watchers, and then seeing if the message still appears.
 
Status
Not open for further replies.

Legacy vBSecurity

vBulletin 3.8.x vBulletin 4.x.x
Seller
DragonByte Technologies
Release date
Last update
Total downloads
810
Customer rating
0.00 star(s) 0 ratings
Back
Top