Adult Script Pro Community Forums

The forum is here for legacy reasons. No new posts will be created. User registration is disabled! If you have any questions, please email us or check https://www.adultscriptpro.com for more details!

You are not logged in.

#1 2014-08-04 15:46:51

Jacob
Member
Registered: 2014-05-15
Posts: 193

[Howto] Protecting admin page from admin finders

Since the softwares admin panel is located at domain.com/admin it is very easy for most admin finder programs to find this page. Even manually many individuals would be able to find out your ACP path if you have password protected directory. Now what can we do to prevent your ACP from getting picked up on admin finder programs and prevent some individuals from finding your ACP path?

All you have to do is create a 404 not found path and put it in your ACP directory. How?

Step 1

Open Notepad++ and copy the code below and paste it into notepad++

<html>
<head>
	<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
	<title>Website Name</title>
</head>
<body>
<center><span style="font-size:36px;"><strong>404 Not Found</strong></span></center>

<center></center>

<center>
<hr />nginx</center>
</body>
</html>

Save the file as index.html

Step 2
Log in to your FTP and navigate to /admin

Step 3
Upload index.html to the root of the admin directory.

Step 4
When you go to website.com/admin it will show you a 404 not found error but if you go to website.com/admin/login.php or website.com/admin/index.php , you would view the admin control panel log in page and can use it normally.

Conclusion

Many admin page finders read the pages title, if it says 404 not found, they will move on to finding the page under a different term. Same with many newbie hackers, they will assume the admin page is not located at website.com/admin so then they will move on to finding the page under a different term. This is not foolproof but will definitely fool many.


Preview of Index.html
33wy1le.png

Last edited by Jacob (2014-10-09 04:39:48)

Offline

#2 2014-08-04 20:22:23

Eri
Member
Registered: 2011-03-18
Posts: 977

Re: [Howto] Protecting admin page from admin finders

If someone fail to login more than 2 times, ban his IP will be better.


Best Adult Affilitate Network:
ExoClick
Best Deals on Dedicated Servers - CDN
INXY

Offline

#3 2014-08-04 20:34:00

Jacob
Member
Registered: 2014-05-15
Posts: 193

Re: [Howto] Protecting admin page from admin finders

Eri wrote:

If someone fail to login more than 2 times, ban his IP will be better.

True. Or if you fail to log in more than 2 times, the admins get an alert e-mail with the details of the individual. Such as IP address, headers, etc. This way we can ban the guy personally if it was a malicious individual. This way we will also get to know that we need to be extra caution, if the individual is banned automatically then we wouldn't become aware of the attack or hack attempt.

Offline

#4 2014-10-01 15:29:53

99re.com
Member
Registered: 2013-11-18
Posts: 28

Re: [Howto] Protecting admin page from admin finders

what i use is login front page with admin account then will enable to open admin page,otherwise shows 404.

Offline

#5 2014-10-01 20:40:26

Nuevolab
Member
Registered: 2012-08-01
Posts: 189

Re: [Howto] Protecting admin page from admin finders

Best double protect admin in .htaccess. I mean protect admin directory with .htpasswd

Last edited by Nuevolab (2014-10-01 20:42:10)

Offline

Board footer

Powered by FluxBB