Since the software's admin panel is located at domain.com/admin, it is very easy for most admin finder programs to find this page. Even manually, many individuals would be able to find out your ACP path if you have a password-protected directory. Now what can we do to prevent your ACP from getting picked up by admin finder programs and prevent some individuals from finding your ACP path?
All you have to do is create a 404 not found path and put it in your ACP directory. How?
Open Notepad++ and copy the code below and paste it into Notepad++
<html>
<head>
  <meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
  <title>Website Name</title>
</head>
<body>
  <center><span style="font-size:36px;"><strong>404 Not Found</strong></span></center>
  <center></center>
  <center>
    <hr />nginx</center>
</body>
</html>
Save the file as index.html
Log in to your FTP and navigate to /admin
Upload index.html to the root of the admin directory.
When you go to website.com/admin it will show you a 404 not found error, but if you go to website.com/admin/login.php or website.com/admin/index.php, you would view the admin control panel login page and can use it normally.
Many admin page finders read the page's title; if it says 404 not found, they will move on to finding the page under a different term. Same with many newbie hackers: they will assume the admin page is not located at website.com/admin, so they will move on to finding the page under a different term. This is not foolproof but will definitely fool many.
Preview of Index.html
Last edited by Jacob (2014-10-09 04:39:48)
If someone fails to log in more than 2 times, banning his IP would be better.
True. Or if you fail to log in more than 2 times, the admins get an alert e-mail with the details of the individual, such as IP address, headers, etc. This way we can ban the guy personally if it was a malicious individual. This way we will also get to know that we need to be extra cautious; if the individual is banned automatically, then we wouldn't become aware of the attack or hack attempt.
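Added example, not part of the thread and not the forum software's own code: a sketch of the two policies discussed in the replies above, where more than 2 failed logins from one IP either triggers an alert record for the admins or also bans the IP. The event format, the 15-minute window and the names `LoginMonitor` and `replay` are assumptions made for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass, field

MAX_FAILURES = 2      # the thread's threshold: act on "more than 2" failed logins
WINDOW_SECONDS = 900  # assumption: only failures in the last 15 minutes count

@dataclass
class LoginMonitor:
    auto_ban: bool = False  # True: ban the IP as well; False: alert the admins only
    failures: dict = field(default_factory=lambda: defaultdict(deque))
    banned: set = field(default_factory=set)
    alerts: list = field(default_factory=list)

    def record(self, ts, ip, success, headers):
        """Process one login attempt; return 'banned', 'ok', 'fail' or 'alert'."""
        if ip in self.banned:
            return "banned"
        if success:
            self.failures.pop(ip, None)   # a successful login resets the counter
            return "ok"
        recent = self.failures[ip]
        recent.append(ts)
        while ts - recent[0] > WINDOW_SECONDS:
            recent.popleft()              # forget failures outside the window
        if len(recent) <= MAX_FAILURES:
            return "fail"
        # Threshold crossed: keep the details the admins would be e-mailed.
        # In alert-only mode every further failure produces another alert.
        self.alerts.append({"ip": ip, "count": len(recent), "last_seen": ts,
                            "user_agent": headers.get("User-Agent", "")})
        if self.auto_ban:
            self.banned.add(ip)
        return "alert"

# Constructed sample events: (unix time, source IP, success, request headers).
# The IPs come from the RFC 5737 documentation ranges.
EVENTS = [
    (1000, "203.0.113.7", False, {"User-Agent": "curl/8.0"}),
    (1010, "198.51.100.4", False, {"User-Agent": "Mozilla/5.0"}),
    (1020, "203.0.113.7", False, {"User-Agent": "curl/8.0"}),
    (1030, "198.51.100.4", True, {"User-Agent": "Mozilla/5.0"}),
    (1040, "203.0.113.7", False, {"User-Agent": "curl/8.0"}),
    (1050, "203.0.113.7", False, {"User-Agent": "curl/8.0"}),
]

def replay(auto_ban):
    """Run the constructed events through a fresh monitor in the given mode."""
    monitor = LoginMonitor(auto_ban=auto_ban)
    return monitor, [monitor.record(*event) for event in EVENTS]
```

Running both modes over the same events shows the trade-off raised in the replies: the auto-ban mode stops the source after one alert, while the alert-only mode keeps recording each further attempt for the admins to review.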
What I use is: log in on the front page with an admin account, which then enables opening the admin page; otherwise it shows 404.