Since the software's admin panel is located at domain.com/admin, it is very easy for most admin finder programs to find this page. Even manually, many individuals would be able to find out your ACP path if you have a password-protected directory. Now what can we do to prevent your ACP from getting picked up by admin finder programs and prevent some individuals from finding your ACP path?
All you have to do is create a 404 not found path and put it in your ACP directory. How?
Step 1
Open Notepad++, copy the code below and paste it into Notepad++
<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<title>Website Name</title>
</head>
<body>
<center><span style="font-size:36px;"><strong>404 Not Found</strong></span></center>
<center></center>
<center>
<hr />nginx</center>
</body>
</html>
Save the file as index.html
Step 2
Log in to your FTP and navigate to /admin
Step 3
Upload index.html to the root of the admin directory.
Step 4
When you go to website.com/admin it will show you a 404 not found error, but if you go to website.com/admin/login.php or website.com/admin/index.php, you will see the admin control panel login page and can use it normally.
Conclusion
Many admin page finders read the page's title; if it says 404 not found, they will move on to finding the page under a different term. Same with many newbie hackers: they will assume the admin page is not located at website.com/admin, so they will move on to finding the page under a different term. This is not foolproof but will definitely fool many.
Preview of Index.html
Last edited by Jacob (2014-10-09 04:39:48)
If someone fails to log in more than 2 times, banning his IP would be better.
True. Or if you fail to log in more than 2 times, the admins get an alert e-mail with the details of the individual, such as IP address, headers, etc. This way we can ban the guy personally if it was a malicious individual. This way we will also get to know that we need to be extra cautious; if the individual is banned automatically, then we wouldn't become aware of the attack or hack attempt.
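The threshold suggested in the two replies above (more than 2 failed logins, then alert or ban), as an added example that is not part of the original thread or the software's own code. It assumes a combined-format web server access log and that a failed login is a POST to /admin/login.php answered with 200 (form shown again) while a successful one redirects with 302; the log lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (combined log format), not from the forum.
SAMPLE_LOG = """\
203.0.113.7 - - [09/Oct/2014:04:40:01 +0000] "POST /admin/login.php HTTP/1.1" 200 1532 "-" "curl/7.38.0"
198.51.100.20 - - [09/Oct/2014:04:40:05 +0000] "POST /admin/login.php HTTP/1.1" 200 1532 "-" "Mozilla/5.0"
203.0.113.7 - - [09/Oct/2014:04:40:09 +0000] "POST /admin/login.php HTTP/1.1" 200 1532 "-" "curl/7.38.0"
192.0.2.5 - - [09/Oct/2014:04:40:11 +0000] "GET /admin/ HTTP/1.1" 200 310 "-" "Mozilla/5.0"
198.51.100.20 - - [09/Oct/2014:04:40:15 +0000] "POST /admin/login.php HTTP/1.1" 200 1532 "-" "Mozilla/5.0"
203.0.113.7 - - [09/Oct/2014:04:40:17 +0000] "POST /admin/login.php HTTP/1.1" 200 1532 "-" "curl/7.38.0"
198.51.100.20 - - [09/Oct/2014:04:40:30 +0000] "POST /admin/login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"'
)

LOGIN_PATH = "/admin/login.php"  # login page path named in the thread
MAX_FAILURES = 2                 # thread: act on "more than 2" failures


def failed_login_alerts(log_text, max_failures=MAX_FAILURES):
    """Return {ip: details} for clients with more than max_failures failed logins."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        path = m["path"].split("?")[0]
        # Assumption: POST + 200 on the login page means the login was rejected.
        if m["method"] == "POST" and path == LOGIN_PATH and m["status"] == "200":
            failures[m["ip"]].append((m["ts"], m["ua"]))
    return {
        ip: {"count": len(hits), "first": hits[0][0], "last": hits[-1][0],
             "user_agents": sorted({ua for _, ua in hits})}
        for ip, hits in failures.items() if len(hits) > max_failures
    }


if __name__ == "__main__":
    # Details an admin would want in the alert e-mail before deciding on a ban.
    for ip, info in failed_login_alerts(SAMPLE_LOG).items():
        print(ip, info)
```

The returned details can feed either reply's approach: an alert e-mail for manual review, or an automatic ban list.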
What I use is: log in on the front page with an admin account, which then enables opening the admin page; otherwise it shows 404.
Best to double-protect admin in .htaccess. I mean protect the admin directory with .htpasswd.
Last edited by Nuevolab (2014-10-01 20:42:10)