Alright, I've created a PHP based htaccess file, that is required by global.php. This means you obviously have 'no chance' of avoiding entering through the htaccess (at least to my knowledge).

I've decided to extend my functionality of the 'hack' though. I want to be able to put the IP into the vBulletin board settings 'banip', if the user type in a bad htaccess 3 times. Obviously I'd want to save the number of attempte, somehow. I've tried numerous ways, but I can't seem to find out how I set vBulletin vars and retrieve them again?

I've tried vbsetcookie('cookiename', 1)

and then

if(isset($vbulletin->session->vars['cookiename'])) vbsetcookie('cookiename', ($vbulletin->session->vars['cookiename']+1)

And I've even tried using 'regular' sessions thru $HTTP_SESSION_VARS. Nothing works.

Do you have a suggestion (I might've stared myself blind at this)?

Just to correct a bit of your code;
if(isset($vbulletin->session->vars['cookiename']))
{
vbsetcookie('cookiename', (intval($vbulletin->session->vars['cookiename'])+1));
}

Right you are.. however, it still does not work. It does not even set the 'htattempts' cookie.

This is what print_r($vbulletin->session->vars); gives me.. doesn't look like htattempts is set at all..

Anyone got a clue?