1. Admin Panel Patikasını Değiştireceğiz

- MyBB Admin panel yolunu değiştirmemiz bize güvenlikte avantaj sağlayacaktır. Bu güvenlik ipucunu Merge takımı lideri TikiTiki üretmiştir. Biz burada yeni admin panel yolunun ismini admin yerine yeniyol yapacağız. Başlıyoruz,

Inc/Config.php gir,
$config['admin_dir'] = 'admin';


Değiştir
$config['admin_dir'] = 'yeniyol';


Inc/Init.php gir,
$config['admin_dir'] = 'admin';


Değiştir
$config['admin_dir'] = 'yeniyol';


Yukarıdaki işlemden sonra Ftp alanımızdaki admin klasör isimini yeniyol olarak değiştirin.


2. Versiyon Numarasını, Sürüm Kontrölleri, Resimli Copyright

a) Versiyon Numarası
Hackerlar,( ben onlara uzunca vatan haini diyorum memleket sitelerini hackliyorlar çünkü. smile ) eski versiyon numaralarını gördükleri zaman, bunu fırsat bilebilirler.

Admin Panele giriyoruz,
Forum Ayarları > Değiştir > Genel Konfigürasyonu gir,
Versiyon Numaralarını Göster >>>>> Kapalı.

b) Sürüm Kontrolleri
Sürüm Upgrade'leri MyBB Güvenliğinde en önemli olay. Bu güncellemeleri sıkca kontrol etmeli, gerekeni yapmalıyız. MyBBoard bize öyle güzel bir hizmet sunmuş ki, kullanmasını bilene fellow

Admin Panele giriyoruz,
Versiyon Kontrolü ( üstten 3.cü link ) 'ne giriyoruz ve kontrölümüzü yapıyoruz.

c) Resimli Copyright
Hackerlar, internetin tanrısı Google'da "MyBB" diye aratıyor ve listeyi alıyor. Upgrade çıkana kadar listelerine girmemek bizim için çok önemli. Bunun için bizde Copyright linkimizi resim olarak vereceğiz sevgili arkadaşlarım.

Admin Panele giriyoruz,
Şablonlar > Temanız > Footer

Buluyoruz,
{$lang->powered_by} MyBB {$mybbversion}

{$lang->copyright} © 2002-{$copy_year} MyBB Group


Değiştiriyoruz,


3. Debug Bilgilerini Kapatmak

Bu bilgiler bir takım hackerlar için altın değerindedir. Kapatmamız en iyisi fellow

Admin Panele Giriyoruz,
Forum Ayarları >> Server ve Optimizasyon Seçenekleri
Gelişmiş istatistikler / Debug Bilgileri'ni kapatıyoruz.


4. Sürekli Yedek Almak
Biz ne kadar güvenlik önlemi alırsak alalım, her kilidin bir çilingiri var maalesef. Fakat biz bunlara elimizden geldiğince karşı koyacağız.

Otomatik Mysql Yedekleyici

5. Robots.TXT
Google, Yahoo slurp, Msn botlarını bilirsiniz dimi? Çok severiz onları smile , fakat bazı botlar kötüdür. Okunmasını istemediğiniz yerleri indexleyebilir. Örneğin, admin panel, config.php gibi? Korkmayın çözümümüz hazır smile

Eğer ana dizinde robots.txt varsa bunları yapıştırın, eğer yoksa kendiniz bir txt dosyasına robots.txt diyip içine bunları yapıştırın ve ana dizine gönderin.
[/code]








































[code]User-agent: Black Hole
Disallow: /

User-agent: Titan
Disallow: /

User-agent: WebStripper
Disallow: /

User-agent: NetMechanic
Disallow: /

User-agent: CherryPicker
Disallow: /

User-agent: EmailCollector
Disallow: /

User-agent: EmailSiphon
Disallow: /

User-agent: WebBandit
Disallow: /

User-agent: EmailWolf
Disallow: /

User-agent: ExtractorPro
Disallow: /

User-agent: CopyRightCheck
Disallow: /

User-agent: Crescent
Disallow: /

User-agent: NICErsPRO
Disallow: /

User-agent: Wget
Disallow: /

User-agent: SiteSnagger
Disallow: /

User-agent: ProWebWalker
Disallow: /

User-agent: CheeseBot
Disallow: /

User-agent: mozilla/4
Disallow: /

User-agent: mozilla/5
Disallow: /

User-agent: Mozilla/4.0 (compatible; MSIE 4.0; Windows NT)
Disallow: /

User-agent: Mozilla/4.0 (compatible; MSIE 4.0; Windows 95)
Disallow: /

User-agent: Mozilla/4.0 (compatible; MSIE 4.0; Windows 9
Disallow: /

User-agent: ia_archiver
Disallow: /

User-agent: ia_archiver/1.6
Disallow: /

User-agent: Alexibot
Disallow: /

User-agent: Teleport
Disallow: /

User-agent: TeleportPro
Disallow: /

User-agent: Wget
Disallow: /

User-agent: MIIxpc
Disallow: /

User-agent: Telesoft
Disallow: /

User-agent: Website Quester
Disallow: /

User-agent: WebZip
Disallow: /

User-agent: moget/2.1
Disallow: /

User-agent: WebZip/4.0
Disallow: /

User-agent: WebStripper
Disallow: /

User-agent: WebSauger
Disallow: /

User-agent: WebCopier
Disallow: /

User-agent: NetAnts
Disallow: /

User-agent: Mister PiX
Disallow: /

User-agent: WebAuto
Disallow: /

User-agent: TheNomad
Disallow: /

User-agent: WWW-Collector-E
Disallow: /

User-agent: RMA
Disallow: /

User-agent: libWeb/clsHTTPDisallow: /

User-agent: asterias
Disallow: /

User-agent: turingos
Disallow: /

User-agent: spanner
Disallow: /

User-agent: InfoNaviRobot
Disallow: /

User-agent: Harvest/1.5
Disallow: /

User-agent: ExtractorPro
Disallow: /

User-agent: Bullseye/1.0
Disallow: /

User-agent: Mozilla/4.0 (compatible; BullsEye; Windows 95)
Disallow: /

User-agent: Crescent Internet ToolPak HTTPOLE Control v.1.0
Disallow: /

User-agent: CherryPickerSE/1.0
Disallow: /

User-agent: CherryPickerElite/1.0
Disallow: /

User-agent: WebBandit/3.50
Disallow: /

User-agent: NICErsPRO
Disallow: /

User-agent: Microsoft URL Control - 5.01.4511
Disallow: /

User-agent: DittoSpyder
Disallow: /

User-agent: Foobot
Disallow: /

User-agent: WebmasterWorldForumBot
Disallow: /

User-agent: SpankBot
Disallow: /

User-agent: BotALot
Disallow: /

User-agent: lwp-trivial/1.34
Disallow: /

User-agent: lwp-trivial
Disallow: /

User-agent: BunnySlippers
Disallow: /

User-agent: Microsoft URL Control - 6.00.8169
Disallow: /

User-agent: URLy Warning
Disallow: /

User-agent: Wget
Disallow: /

User-agent: Wget/1.5.3
Disallow: /

User-agent: LinkWalker
Disallow: /

User-agent: cosmos
Disallow: /

User-agent: moget
Disallow: /

User-agent: hloader
Disallow: /

User-agent: humanlinks
Disallow: /

User-agent: LinkextractorPro
Disallow: /

User-agent: Offline Explorer
Disallow: /

User-agent: Mata Hari
Disallow: /

User-agent: LexiBot
Disallow: /

User-agent: Offline Explorer
Disallow: /

User-agent: Web Image Collector
Disallow: /

User-agent: The Intraformant
Disallow: /

User-agent: True_Robot/1.0
Disallow: /

User-agent: True_Robot
Disallow: /

User-agent: BlowFish/1.0
Disallow: /

User-agent: JennyBot
Disallow: /

User-agent: MIIxpc/4.2
Disallow: /

User-agent: BuiltBotTough
Disallow: /

User-agent: ProPowerBot/2.14
Disallow: /

User-agent: BackDoorBot/1.0
Disallow: /

User-agent: toCrawl/UrlDispatcher
Disallow: /

User-agent: WebEnhancer
Disallow: /

User-agent: TightTwatBot
Disallow: /

User-agent: suzuran
Disallow: /

User-agent: VCI WebViewer VCI WebViewer Win32
Disallow: /

User-agent: VCI
Disallow: /

User-agent: Szukacz/1.4
Disallow: /

User-agent: QueryN Metasearch
Disallow: /

User-agent: Openfind data gathere
Disallow: /

User-agent: Openfind
Disallow: /

User-agent: Xenu's Link Sleuth 1.1c
Disallow: /

User-agent: Xenu's
Disallow: /

User-agent: Zeus
Disallow: /

User-agent: RepoMonkey Bait & Tackle/v1.01
Disallow: /

User-agent: RepoMonkey
Disallow: /

User-agent: Zeus 32297 Webster Pro V2.9 Win32
Disallow: /

User-agent: Webster Pro
Disallow: /

User-agent: EroCrawler
Disallow: /

User-agent: LinkScan/8.1a Unix Disallow: /

User-agent: Kenjin Spider
Disallow: /

User-agent: Keyword Density/0.9
Disallow: /

User-agent: Kenjin Spider
Disallow: /

User-agent: Cegbfeieh
Disallow: /

Different:

User-agent: larbin
Disallow: /

User-agent: b2w/0.1
Disallow: /

User-agent: Copernic
Disallow: /

User-agent: psbot
Disallow: /

User-agent: Python-urllib
Disallow: /


User-agent: NetMechanic
Disallow: /

User-agent: URL_Spider_Pro
Disallow: /

User-agent: CherryPicker
Disallow: /

User-agent: EmailCollector
Disallow: /

User-agent: EmailSiphon
Disallow: /

User-agent: WebBandit
Disallow: /

User-agent: EmailWolf
Disallow: /

User-agent: ExtractorPro
Disallow: /

User-agent: CopyRightCheck
Disallow: /

User-agent: Crescent
Disallow: /

User-agent: SiteSnagger
Disallow: /

User-agent: ProWebWalker
Disallow: /

User-agent: CheeseBot
Disallow: /

User-agent: LNSpiderguy
Disallow: /

User-agent: Mozilla
Disallow: /

User-agent: mozilla
Disallow: /

User-agent: mozilla/3
Disallow: /

User-agent: mozilla/4
Disallow: /

User-agent: mozilla/5
Disallow: /

User-agent: WebAuto
Disallow: /

User-agent: TheNomad
Disallow: /

User-agent: WWW-Collector-E
Disallow: /

User-agent: RMA
Disallow: /

User-agent: libWeb/clsHTTP
Disallow: /

User-agent: httplib
Disallow: /

User-agent: turingos
Disallow: /

User-agent: InfoNaviRobot
Disallow: /

User-agent: Harvest/1.5
Disallow: /

User-agent: Crescent Internet ToolPak HTTP OLE Control v.1.0
Disallow: /

User-agent: CherryPickerSE/1.0
Disallow: /

User-agent: CherryPickerElite/1.0
Disallow: /

User-agent: WebBandit/3.50
Disallow: /

User-agent: NICErsPRO
Disallow: /

User-agent: DittoSpyder
Disallow: /

User-agent: Foobot
Disallow: /

User-agent: BotALot
Disallow: /

User-agent: lwp-trivial/1.34
Disallow: /

User-agent: lwp-trivial
Disallow: /

User-agent: URLy Warning
Disallow: /

User-agent: hloader
Disallow: /

User-agent: humanlinks
Disallow: /

User-agent: LinkextractorPro
Disallow: /

User-agent: Offline Explorer
Disallow: /

User-agent: Mata Hari
Disallow: /

User-agent: LexiBot
Disallow: /

User-agent: Web Image Collector
Disallow: /

User-agent: The Intraformant
Disallow: /

User-agent: True_Robot/1.0
Disallow: /

User-agent: True_Robot
Disallow: /

User-agent: BlowFish/1.0
Disallow: /

User-agent: JennyBot
Disallow: /

User-agent: MIIxpc/4.2
Disallow: /

User-agent: BuiltBotTough
Disallow: /

User-agent: ProPowerBot/2.14
Disallow: /

User-agent: BackDoorBot/1.0
Disallow: /

User-agent: toCrawl/UrlDispatcher
Disallow: /

User-agent: WebEnhancer
Disallow: /

User-agent: suzuran
Disallow: /

User-agent: VCI WebViewer VCI WebViewer Win32
Disallow: /

User-agent: VCI
Disallow: /

User-agent: Szukacz/1.4
Disallow: /

User-agent: QueryN Metasearch
Disallow: /

User-agent: Openfind data gathere
Disallow: /

User-agent: Openfind
Disallow: /

User-agent: Xenu's Link Sleuth 1.1c
Disallow: /

User-agent: Xenu's
Disallow: /

User-agent: Zeus
Disallow: /

User-agent: RepoMonkey Bait & Tackle/v1.01
Disallow: /

User-agent: RepoMonkey
Disallow: /

User-agent: Openbot
Disallow: /

User-agent: URL Control
Disallow: /

User-agent: Zeus Link Scout
Disallow: /

User-agent: Zeus 32297 Webster Pro V2.9 Win32
Disallow: /

User-agent: EroCrawler
Disallow: /

User-agent: LinkScan/8.1a Unix
Disallow: /

User-agent: Keyword Density/0.9
Disallow: /

User-agent: Kenjin Spider
Disallow: /

User-agent: Iron33/1.0.2
Disallow: /

User-agent: Bookmark search tool
Disallow: /

User-agent: GetRight/4.2
Disallow: /

User-agent: FairAd Client
Disallow: /

User-agent: Gaisbot
Disallow: /

User-agent: Aqua_Products
Disallow: /

User-agent: Radiation Retriever 1.1
Disallow: /

User-agent: WebmasterWorld Extractor
Disallow: /

User-agent: Flaming AttackBot
Disallow: /

User-agent: Oracle Ultra Search
Disallow: /

User-agent: MSIECrawler
Disallow: /

User-agent: PerMan
Disallow: /

User-agent: searchpreview
Disallow: /

User-agent: naver
Disallow: /

User-agent: dumbot
Disallow: /

User-agent: Hatena Antenna
Disallow: /

User-agent: grub-client
Disallow: /

User-agent: grub
Disallow: /

User-agent: larbin
Disallow: /

User-agent: b2w/0.1
Disallow: /

User-agent: Copernic
Disallow: /

User-agent: psbot
Disallow: /

User-agent: Python-urllib
Disallow: /

User-agent: EmailWolf
Disallow: /

User-agent: ExtractorPro
Disallow: /

User-agent: CopyRightCheck
Disallow: /

User-agent: Crescent
Disallow: /

User-agent: SiteSnagger
Disallow: /

User-agent: ProWebWalker
Disallow: /

User-agent: CheeseBot
Disallow: /

User-agent: LNSpiderguy
Disallow: /

User-agent: Mister PiX
Disallow: /

User-agent: WebAuto
Disallow: /

User-agent: TheNomad
Disallow: /

User-agent: WWW-Collector-E
Disallow: /

User-agent: RMA
Disallow: /

User-agent: httplib
Disallow: /

User-agent: turingos
Disallow: /

User-agent: InfoNaviRobot
Disallow: /

User-agent: Harvest/1.5
Disallow: /

User-agent: Bullseye/1.0
Disallow: /

User-agent: Mozilla/4.0 (compatible; BullsEye; Windows 95)
Disallow: /

User-agent: Crescent Internet ToolPak HTTP OLE Control v.1.0
Disallow: /

User-agent: CherryPickerSE/1.0
Disallow: /

User-agent: CherryPickerElite/1.0
Disallow: /

User-agent: NICErsPRO
Disallow: /

User-agent: URLy Warning
Disallow: /

User-agent: humanlinks
Disallow: /

User-agent: Web Image Collector
Disallow: /

User-agent: The Intraformant
Disallow: /

User-agent: True_Robot/1.0
Disallow: /

User-agent: True_Robot
Disallow: /

User-agent: BlowFish/1.0
Disallow: /

User-agent: JennyBot
Disallow: /

User-agent: MIIxpc/4.2
Disallow: /

User-agent: BuiltBotTough
Disallow: /

User-agent: ProPowerBot/2.14
Disallow: /

User-agent: BackDoorBot/1.0
Disallow: /

User-agent: toCrawl/UrlDispatcher
Disallow: /

User-agent: WebEnhancer
Disallow: /

User-agent: suzuran
Disallow: /

User-agent: VCI WebViewer VCI WebViewer Win32
Disallow: /

User-agent: VCI
Disallow: /

User-agent: Szukacz/1.4
Disallow: /

User-agent: QueryN Metasearch
Disallow: /

User-agent: Openfind data gathere
Disallow: /

User-agent: Openfind
Disallow: /

User-agent: Xenu's Link Sleuth 1.1c
Disallow: /

User-agent: Xenu's
Disallow: /

User-agent: Zeus
Disallow: /

User-agent: RepoMonkey Bait & Tackle/v1.01
Disallow: /

User-agent: RepoMonkey
Disallow: /

User-agent: Microsoft URL Control
Disallow: /

User-agent: Openbot
Disallow: /

User-agent: URL Control
Disallow: /

User-agent: Zeus Link Scout
Disallow: /

User-agent: Zeus 32297 Webster Pro V2.9 Win32
Disallow: /

User-agent: Webster Pro
Disallow: /

User-agent: EroCrawler
Disallow: /

User-agent: LinkScan/8.1a Unix
Disallow: /

User-agent: Keyword Density/0.9
Disallow: /

User-agent: Kenjin Spider
Disallow: /

User-agent: Iron33/1.0.2
Disallow: /

User-agent: Bookmark search tool
Disallow: /

User-agent: GetRight/4.2
Disallow: /

User-agent: FairAd Client
Disallow: /

User-agent: Gaisbot
Disallow: /

User-agent: Aqua_Products
Disallow: /

User-agent: Radiation Retriever 1.1
Disallow: /

User-agent: WebmasterWorld Extractor
Disallow: /

User-agent: Flaming AttackBot
Disallow: /

User-agent: Oracle Ultra Search
Disallow: /

User-agent: MSIECrawler
Disallow: /

User-agent: PerMan
Disallow: /

User-agent: searchpreview
Disallow: /

User-agent: sootle
Disallow: /

User-agent: es
Disallow: /

User-agent: Enterprise_Search/1.0
Disallow: /

User-agent: Enterprise_Search
Disallow: /


6. Prefix Koruması! Bu olay çok önemli ve Türkler tarafından bilinmeyen bir korunma yöntemi. Exploitler üzerinde oldukça etkili... Şimdi veritabanındaki tablolarda ön ek dediğimiz bir ek var. Bunu değiştirerek birçok hack saldırısından korunacağız sevgili arkadaşlarım. Ben yeni tablo ön ekimi turk_ yapacağım. Şimdi adımları dikkatlice izleyin. Config.php aç,
$config['table_prefix'] = 'mybb_';
Değiştir,
$config['table_prefix'] = 'turk_';
İlk adım tamamlandı, şimdi PhpMyAdmin'e girin. Kullandığınız veritabanını seçin. Üst menüde SQL yazan yere girin! Ve bu kodları girin


Kod:

RENAME TABLE mybb_adminlog TO turk_adminlog;
RENAME TABLE mybb_adminoptions TO turk_adminoptions;
RENAME TABLE mybb_adminsessions TO turk_adminsessions;
RENAME TABLE mybb_announcements TO turk_announcements;
RENAME TABLE mybb_attachments TO turk_attachments;
RENAME TABLE mybb_attachtypes TO turk_attachtypes;
RENAME TABLE mybb_awaitingactivation TO turk_awaitingactivation;
RENAME TABLE mybb_badwords TO turk_badwords;
RENAME TABLE mybb_banned TO turk_banned;
RENAME TABLE mybb_captcha TO turk_captcha;
RENAME TABLE mybb_datacache TO turk_datacache;
RENAME TABLE mybb_events TO turk_events;
RENAME TABLE mybb_favorites TO turk_favorites;
RENAME TABLE mybb_forumpermissions TO turk_forumpermissions;
RENAME TABLE mybb_forums TO turk_forums;
RENAME TABLE mybb_forumsubscriptions TO turk_forumsubscriptions;
RENAME TABLE mybb_groupleaders TO turk_groupleaders;
RENAME TABLE mybb_helpdocs TO turk_helpdocs;
RENAME TABLE mybb_helpsections TO turk_helpsections;
RENAME TABLE mybb_icons TO turk_icons;
RENAME TABLE mybb_joinrequests TO turk_joinrequests;
RENAME TABLE mybb_mailqueue TO turk_mailqueue;
RENAME TABLE mybb_moderatorlog TO turk_moderatorlog;
RENAME TABLE mybb_moderators TO turk_moderators;
RENAME TABLE mybb_modtools TO turk_modtools;
RENAME TABLE mybb_mycode TO turk_mycode;
RENAME TABLE mybb_polls TO turk_polls;
RENAME TABLE mybb_pollvotes TO turk_pollvotes;
RENAME TABLE mybb_posts TO turk_posts;
RENAME TABLE mybb_privatemessages TO turk_privatemessages;
RENAME TABLE mybb_profilefields TO turk_profilefields;
RENAME TABLE mybb_reportedposts TO turk_reportedposts;
RENAME TABLE mybb_reputation TO turk_reputation;
RENAME TABLE mybb_searchlog TO turk_searchlog;
RENAME TABLE mybb_sessions TO turk_sessions;
RENAME TABLE mybb_settinggroups TO turk_settinggroups;
RENAME TABLE mybb_settings TO turk_settings;
RENAME TABLE mybb_smilies TO turk_smilies;
RENAME TABLE mybb_templategroups TO turk_templategroups;
RENAME TABLE mybb_templates TO turk_templates;
RENAME TABLE mybb_templatesets TO turk_templatesets;
RENAME TABLE mybb_themes TO turk_themes;
RENAME TABLE mybb_threadratings TO turk_threadratings;
RENAME TABLE mybb_threads TO turk_threads;
RENAME TABLE mybb_threadsread TO turk_threadsread;
RENAME TABLE mybb_userfields TO turk_userfields;
RENAME TABLE mybb_usergroups TO turk_usergroups;
RENAME TABLE mybb_users TO turk_users;
RENAME TABLE mybb_usertitles TO turk_usertitles;

lütfen aynı konuyu yollamayalım...

+kilit +çöp