Jump to content

  • You cannot start a new topic
  • You cannot reply to this topic

Securing your Admin login. Rate Topic   - - - - -

 
  • Anonymous
  • Junior Member
  • Banned
  • Join Date: 04-Jul 05
  • 6 posts

Posted 21 November 2005 - 09:32 PM #1

After you install your CS-Cart, the default admin page is admin.php. It is recommended that you rename this page to something more complex.

Once you rename the file you must make a change in the config file to support the new name you gave the admin.php file.

Below is a step by step on how to accomplish this.



1. Rename the 'admin.php' right on the server to whatever you like example: admin8765.php

2. Download 'config.php' from your server and open in notepad.

3. Change the following line in 'config.php' to refelect the changes you made:

$admin_index = 'admin.php';

to

$admin_index = 'admin8765.php';

4. Upload 'config.php'

5. Go to www.yourdomain.com/[CS-CART]/yournewadminpage.php to test.

 

Posted 14 April 2006 - 08:59 AM #2

I tried just renaming the file before because I wanted to make it more secure instead of the stereo-typical "admin" ext. Thanks for telling me how to change the config.php. :D

 
  • MarkWhoo
  • Senior Member
  • Members
  • Join Date: 08-Apr 06
  • 106 posts

Posted 14 April 2006 - 11:29 PM #3

Although the renaming issue is useful, I still would like the ability to restrict access to this file via htaccess entry or other useful progies within a control panel.
If you do not have this in it's own file area, many available progies will not allow you to simply deny access.

Does anyone know of an easy way to deny access to the file on top of ability to rename it?

If someone finds it, all they need to do is open certain progies to begin hacking ionto it, I would like to restrict access to the file itself before they can even get that far. Anything to help sslow them down.


Anything out there? By htaccess restriction, I can restrict file access with password AND IP blocking to htaccess file itself.

 

Posted 16 April 2006 - 01:30 AM #4

I don't know about you guys but I'm also (for added measure) going to create another main administrator user account under a 'discreet' username and then I'll disable the actual "admin" username. To me it's pretty obvious that the admin username would mostly be "admin" or "administration" on most carts.
:o [/quote]

 
  • smoked1
  • Senior Member
  • Members
  • Join Date: 19-May 06
  • 178 posts

Posted 19 May 2006 - 11:42 PM #5

I posted this on another thread as well but this is a simple way to stop access to the page based on IP address. I have not tested it but I am sure that it would work ok.

<?php
$ip = GetHostByName($REMOTE_ADDR);
echo $ip;
if ($ip != '67.153.177.34')
{
echo '<br><p>You are gay dude</p>';
}
else
{
echo "<br>Rest of pages code goes here";
}
?>

 
  • icvetkovic
  • Junior Member
  • Members
  • Join Date: 20-Mar 06
  • 26 posts

Posted 09 August 2006 - 08:08 AM #6

You are gay dude


lol

10chr

 
  • michael
  • Senior Member
  • Authorized Reseller
  • Join Date: 27-Oct 06
  • 209 posts

Posted 25 May 2007 - 04:34 AM #7

Dont forget to change the home link on back-end top.

U can change: skins/ur skins/admin/top_quick_links.tpl.

<a href="http://www.yoursite.com/yournewname.php" class="top-quick-links">{$lang.home}


Hope this can help u.
Do whatever you want to do....

 
  • fullshop
  • Junior Member
  • Members
  • Join Date: 06-Feb 07
  • 12 posts

Posted 25 May 2007 - 05:58 AM #8

I posted this on another thread as well but this is a simple way to stop access to the page based on IP address. I have not tested it but I am sure that it would work ok.

<?php
$ip = GetHostByName($REMOTE_ADDR);
echo $ip;
if ($ip != '67.153.177.34')
{
echo '<br><p>You are gay dude</p>';
}
else
{
echo "<br>Rest of pages code goes here";
}
?>


you can do this

<?php
$ip = GetHostByName($REMOTE_ADDR);
if ($ip != '67.153.177.34') { die("you are gay dude"); }
?>

and you don't need to put the rest of the code into "else"

 
  • TonyK
  • Member
  • Members
  • Join Date: 03-Mar 06
  • 1686 posts

Posted 26 May 2007 - 02:20 PM #9

http://vb.cs-cart.co...read.php?t=2189
Pimpin' skins since v1.0

 

Posted 07 August 2009 - 01:36 PM #10

After you install your CS-Cart, the default admin page is admin.php. It is recommended that you rename this page to something more complex.

Once you rename the file you must make a change in the config file to support the new name you gave the admin.php file.

Below is a step by step on how to accomplish this.



1. Rename the 'admin.php' right on the server to whatever you like example: admin8765.php

2. Download 'config.php' from your server and open in notepad.

3. Change the following line in 'config.php' to refelect the changes you made:

$admin_index = 'admin.php';

to

$admin_index = 'admin8765.php';

4. Upload 'config.php'

5. Go to www.yourdomain.com/[CS-CART]/yournewadminpage.php to test.

This now seems to be set in config.local.php in CS Cart 2.x:

$config['admin_index'] = 'admin.php';