Change admin.php to something else?

 
  • tmhs
  • Member
  • Members
  • Join Date: 23-Oct 07
  • 63 posts

Posted 03 November 2007 - 02:56 AM #1

Hey,

I'd like to change admin.php to a different name for security reasons.

Is this possible?

I have found only 3 places where it mentions admin.php in the whole program.

admin.php
//
// $Id: admin.php etc etc//

config.php
$admin_index = 'admin.php';

robots.txt
Disallow: /admin.php

Is it as simple as changing just those 3 or are there hidden variables? The config.php part looks like that's where the admin.php file name is stipulated but I'm just double checking that I'm not missing anything ;)

Many thanks for your time :)

 
  • MikeFold
  • Senior Member
  • Members
  • Join Date: 24-Nov 06
  • 1034 posts

Posted 03 November 2007 - 03:11 AM #2

That looks right to me...
As far as I recall, I just changed the two you mentioned (the top one is just the comment).

 
  • Page
  • Senior Member
  • Members
  • Join Date: 06-Sep 07
  • 491 posts

Posted 03 November 2007 - 09:31 AM #3

I just changed to email log in from within cs-cart.

With a nice long password.

Is this not as good?
*** Trying to help and trying to learn ***
Running an upgraded v135sp3 to v2.0.12 on live store(05/02/10) but not really right after update by Dr SnoRocket

 
  • tmhs
  • Member
  • Members
  • Join Date: 23-Oct 07
  • 63 posts

Posted 03 November 2007 - 10:02 AM #4

Yeh that'll do...but I just want that extra bit of security :)

Cheers guys :D

 
  • Page
  • Senior Member
  • Members
  • Join Date: 06-Sep 07
  • 491 posts

Posted 03 November 2007 - 04:36 PM #5

16 random characters will keep them busy.

It also kicks into the customer end - from memory - which is a better solution.

 
  • fwhorch
  • Junior Member
  • Members
  • Join Date: 07-Nov 07
  • 20 posts

Posted 01 December 2007 - 05:51 AM #6

Just wanted to let you know that I changed the name of admin.php in my config file and everything works for me (so far).

I wouldn't put the name of the new admin script in the robots file, because that will alert a hacker to the new name.

Robots shouldn't find the admin script because it shouldn't be linked in from any of the public pages. So there is no need to explicitly exclude robots from attempting to spider it.

Please someone correct me if I'm giving bad advice here.

Thanks,
Fred
Fred Wilson Horch, Founder

F.W. Horch Sustainable Goods & Supplies
56 Maine Street
Brunswick, ME 04011

(207) 729-4050
www.FWHorch.com ~ "Practically, saving the planet."

1.3.5-SP1 (site under development)
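
An added example (not part of any post in this thread, and not CS-Cart code): a small Python check for the rename discussed above. It reads `$admin_index` from config.php, confirms the renamed script exists and the old admin.php is gone, and flags any robots.txt Disallow rule that names the admin script. The store layout, the name panel-x7.php and the helper names are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Matches the config.php line quoted in the first post: $admin_index = 'admin.php';
ADMIN_INDEX_RE = re.compile(r"""\$admin_index\s*=\s*(['"])(.+?)\1\s*;""")

def audit_admin_rename(store_root):
    """Return a list of findings for a store whose admin script was renamed."""
    root = Path(store_root)
    findings = []
    match = ADMIN_INDEX_RE.search((root / "config.php").read_text(errors="replace"))
    if not match:
        return ["config.php: no $admin_index assignment found"]
    admin_name = match.group(2)
    if admin_name == "admin.php":
        findings.append("config.php: $admin_index is still the default admin.php")
    if not (root / admin_name).is_file():
        findings.append(f"{admin_name}: named in config.php but missing on disk")
    if admin_name != "admin.php" and (root / "admin.php").is_file():
        findings.append("admin.php: old entry point is still present")
    robots = root / "robots.txt"
    if robots.is_file():
        lines = robots.read_text(errors="replace").splitlines()
        for lineno, line in enumerate(lines, 1):
            rule = line.split("#", 1)[0].strip().lower()  # drop robots.txt comments
            if rule.startswith("disallow:") and admin_name.lower() in rule:
                findings.append(f"robots.txt:{lineno}: publishes the admin script name")
    return findings

def build_sample_store(directory, admin_name, robots_rule, keep_old=False):
    """Write a constructed miniature store layout (sample data, not a real store)."""
    root = Path(directory)
    (root / "config.php").write_text(f"<?php\n$admin_index = '{admin_name}';\n")
    (root / admin_name).write_text("<?php // admin entry point (stub)\n")
    (root / "robots.txt").write_text(f"User-agent: *\n{robots_rule}\n")
    if keep_old:
        (root / "admin.php").write_text("<?php // stale copy\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        store = build_sample_store(tmp, "panel-x7.php", "Disallow: /panel-x7.php",
                                   keep_old=True)
        for finding in audit_admin_rename(store):
            print(finding)
```
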

 
  • taydu
  • Senior Member
  • Members
  • Join Date: 24-Jul 06
  • 350 posts

Posted 03 February 2008 - 12:51 AM #7

Wonder if we could move admin.php into a separate directory (i.e. adminpanel) so we can put another layer of security using htaccess.

 
  • WebGuy
  • Senior Member
  • Members
  • Join Date: 02-Dec 08
  • 419 posts

Posted 20 January 2009 - 04:29 PM #8

Has anyone tried doing the suggestion above and been successful?

I would like to have Admin location at:
https://www.mysite.com/administrator (like Joomla!)

TIA,
WebGuy

 
  • mdekok3000
  • Senior Member
  • Members
  • Join Date: 06-Feb 08
  • 883 posts

Posted 21 January 2009 - 12:58 AM #9

That should do it. However, make sure to add .php to the end because it's a php file.

https://www.mysite.com/administrator.php

I have done this myself, except for the first part which is just a comment in the code.

 
  • WebGuy
  • Senior Member
  • Members
  • Join Date: 02-Dec 08
  • 419 posts

Posted 21 January 2009 - 03:07 PM #10

Hey mdekok...what you are saying is this is just renaming the file admin.php to whatever you want which I see can be done successfully without issue.

What I would like to do is have a separate directory (folder) where that admin.php file resides. In other words, the admin.php file would be renamed to index.php in another folder much like Joomla! does.

So that when going to www.mysite.com/administrator/ (no .php) this will engage the admin.php file inside the administrator folder. Instead of having to type .php onto the end of the file.

Much like when you go to any webfolder there is an index.php (index.htm etc.) file which is automatically called to parse. www.mysite.com brings you to the home page even though you are really accessing www.mysite.com/index.php

I have tried somewhat to do this but have found that it takes some repathing of other files to get it to work...and I haven't gotten there yet.

I know admin.php calls prepare.php and init.php which would have to be moved to the same folder as the admin.php (renamed index.php) and then repath whatever files they call...

I will continue to look into this and post a solution if I can do it...meanwhile

I was just wondering if someone has already accomplished this and can share with us what exactly was done and which files need to be edited?

Thanks,
WebGuy
WebGuy
www.nutraceaonline.com
CS-CART VERSION: 1.3.5 SP4

 
  • The Tool
  • Been Here Way Too Long Member
  • Members
  • Join Date: 30-Mar 07
  • 3768 posts

Posted 21 January 2009 - 04:05 PM #11

What is the benefit of doing what you are trying to do? Sounds like more trouble than what it's worth when you can just edit a couple of lines here and there and be done with it.

 
  • mdekok3000
  • Senior Member
  • Members
  • Join Date: 06-Feb 08
  • 883 posts

Posted 21 January 2009 - 05:37 PM #12

Putting it in a separate directory could possibly cause a lot of file reference errors since the files that the admin.php references are in the store root.


 
  • WebGuy
  • Senior Member
  • Members
  • Join Date: 02-Dec 08
  • 419 posts

Posted 21 January 2009 - 07:26 PM #13

@Tool Outfitters

What is the benefit of doing what you are trying to do? Sounds like more trouble than what it's worth when you can just edit a couple of lines here and there and be done with it.


I've never seen an "Admin" login that isn't set up this way (until now) and aside from the "security" issue (I don't like Admin login being "out in the open" or in the "root")...As the "Administrator" of the website, I have "others", customer service, order takers, finance etc. who actually do the work.

I also Admin the corporate website and the more consistent I can make these sites the easier it is for "others" to work with them. So if they all "run" the same way, my job gets a lot less troublesome. ;-)

@mdekok

Putting it in a separate directory could possibly cause a lot of file reference errors since the files that the admin.php references are in the store root.


Yes, that's the issue I'm running into...which is what I meant by "repathing" the files...it can be done, but will take some time. I've almost got it done.

Thanks,
WebGuy

 
  • timst
  • Member
  • Members
  • Join Date: 13-Feb 09
  • 110 posts

Posted 15 May 2009 - 03:48 PM #14

I am trying to work on this issue as well. I also requested this of CS for some feedback on the 2.xx branch.

There is a lockout after 3 failed attempts I believe, which is helpful.
However... if the admin.php could be buried in a subdirectory (mysite.com/admin/admin.php), then the directory in which it resides can be password protected, adding a much better level of security with the additional hoop to jump through (using one password on the directory, and another password for the admin login).
Anyone else successfully pulled this off, or, the way CSCart is designed, will it never work?
We need all the security we can get when holding onto sensitive data belonging to the customer.
Thoughts anyone?

 
  • BungaPads
  • Member
  • Authorized Reseller
  • Join Date: 15-May 09
  • 31 posts

Posted 15 May 2009 - 09:26 PM #15

Has anyone tried this in 2.x? I am having troubles in the admin control panel now.

Please view my other (possibly filed in the wrong area) thread.

http://forum.cs-cart...ead.php?t=10952