im trying to make my site alittle more sercure.. i have deleted the /install/ file to stop a exploit from that Dic i deleted the swfupload folder to stop XSS Shell being inported is they anythink else i can do to sercure my website...
You don't need to remove the install directory. If you're that concerned about it you can implement .htaccess auth: http://xenforo.com/community/resour...and-the-install-directory-using-htaccess.353/
There are currently no known XSS vulnerabilities in XenForo's implementation of swfupload. There was a well documented one that affected a very large number of scripts, including, potentially, XenForo. It was fixed nearly two years ago: http://xenforo.com/community/threads/xenforo-security-fix-for-1-0-0-1-1-2.32890/
And to take what @Brogan commented on a little further, in the htaccess you can restrict access to the /install directory to specific IP's.
How would you do what... allow based upon permissions? If so it's using the ALLOW/DENY capability in the .htaccess. Code: order deny,allow deny from all allow from 111.222.333.444 where 111.222.333.444 is your IP.
Quoting a portion of what you are responding to would help target what you need help with. If you are referring to the code segment I am talking about you won't find that in the default .htaccess. you have to create the entry as outlined in @Brogans referral and then add it in.
