AdminCP and server info / script up to date with security releases
If you are running phpfox on Windows server, I don't include windows server stuff here but you can google or ask your server support techs about folder permissions on windows servers.
You loaded or installed a pirated module
You need to ensure that you purchase or download a module/template/whatever directly from the www.phpfox.com site or directly from the 3rd party developer's site that created the product, even if it's a free add on. Do not ever download a “nulled, pirated, hacked, try before you buy” sort of add on that you find on a site that pirates/hacks/nulls scripts. These add ons from pirate sites can contain back doors, malware, trojans or any number of bad things in them. Also, the process of nulling the scripts can also cause them to be unstable and totally mess up your site.
Also, what you have done here is made your site insecure. When you load something with a “back door”, you just gave a hacker the key to your site and a way in. Because you invited this hacker into your site, the script has no way of knowing it is unsafe since you allowed it to be there and by installing the back door module have said it's ok.
You did not keep your script up to date with security releases
If phpFox finds an issue with the script that is of a security nature, they immediately release a patch. This has not happened very often but when it does, they also release a blog about it. This blog shows in your AdminCP in the updates from phpFox. If you do not implement this patch, you leave your site open to whatever vulnerability was fixed.
You modified source files
Here's one that people don't suspect of causing issues other than upgrade issues but it can. What you are doing is hacking into a secure script, and making changes, and possibly making security holes in the process. This is one reason we recommend to never edit source files and instead to use plugins for whatever changes you need made.
You gave out your AdminCP and server info
It is safe to give this info to phpFox technicians through the support channels. It is also ok to give ftp and Admincp info to developers that are installing modules/templates that you have purchased. I recommend having an Admin account set up for developers that you can change to registered user group when that developer is done. Also set up an ftp account just for developers or technicians to use. You can then change the password after the developer or tech is done.
Giving out this information to just any stranger that asks, such as on the phpfox.com forum if a member asks for the information and they are not phpFox staff, you really should not give out this info. This access info if in the wrong hands, can allow someone access to your member info and site files. Be very careful when anyone asks you for log in credentials if they are not staff of phpFox or a developer that you are having do work for you. Also, make sure the developer is reputable and has a good standing within the phpFox community. If they are new to the community, you might want to get recommendations from other customers before giving out the info or make sure you monitor what is being done to your site and change passwords after.
May be you can more guide here:
Requirements for the product have become more flexible when dealing with PHP related requirements such as safe_mode or open_base_dir. Using those as an example the product can work with whatever those are set to allowing clients not to worry about if their server has a specific setting enabled or not. Our goal is to have a product that is as flexible as possible to make sure it works on all of the popular hosts today. There is one strict requirement and that in order to run the product you must have PHP5. Past requirements have been PHP 4.3.3, however since PHP5 introduced a wave of improvements when it comes down to OOP we decided it was time we move forward. As for MySQL the same 4.1 is required, although phpFox will support other database drivers and not just MySQL.
When reading this manual it is wise to read everything in order and not skip ahead as items that we cover later on will require knowledge of something you have learned earlier in the manual.
*** link removed by moderator ***