tyrant Posted December 14, 2005

I received a private message from a member who only registered with our website in the last 20 hours.

> wanted to make you aware of the following hack hole on the shop site http://www.rainbow-inspirations.co.uk/admin......go to ANY site that uses OS commerce. Type in the domain name followed by '/admin' and you will get the same access panel. It is a known hole and you should really change the directory to another name or an opportunist hacker will take your site down.

Anyway, they have kinda freaked me. I change my passwords regularly and it is a known fact that /admin takes you to access panel. Why did they try this?? Anyway, is there a way to change the admin directory so that it is a different URL to gain access to it.. or do I lose safety features by redirecting it? Freaky person is scaring me :huh:

Marg Posted December 14, 2005

This person is doing you a favor. You should never name your admin folder "admin" since it is widely known that the oscommerce creates a folder called admin. It leaves the ability for those who want to do you harm. Call it some odd name or combination of letters and numbers or a pet's name.

On the same topic, if you are using phpmyadmin, I wouldn't call that folder phpmyadmin either. The harder you make it, the less likely you are to be hacked.

Marg

gscreations Posted December 14, 2005

> This person is doing you a favor. You should never name your admin folder "admin" since it is widely known that the oscommerce creates a folder called admin. It leaves the ability for those who want to do you harm. Call it some odd name or combination of letters and numbers or a pet's name.
>
> On the same topic, if you are using phpmyadmin, I wouldn't call that folder phpmyadmin either. The harder you make it, the less likely you are to be hacked.
>
> Marg

Agree with that - security by obscurity :thumbsup:

To change admin, change the folder name in your file manager, then edit your admin/includes/configure.php file. You will find two lines with reference to admin; change admin to whatever you called your folder.

Guest Posted December 14, 2005

I did this yesterday .... go to your hosting cPanel and rename the file "admin" to a new name. For example sakes: hotdog

Then go to admin/includes/configure.php file, open it to edit it, and change the two lines that reference /admin/ and change it to /hotdog/

Since only you (and whoever else you give access to the administration of the site) need to be there, it doesn't matter what the new name for the admin is - so you don't need it to be nice looking for the public.

Guest Posted December 14, 2005

I tried that on my site (substituting "admin" for the name of my admin folder) and I didn't get in anything

tyrant (Author) Posted December 14, 2005

Thanks guys, any other basic security things to be fixing? Oh.. I know it's lazy but how do I kill the page :-" counter?

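The folder rename described by gscreations and Guest above, written out as an added shell example that is not from the thread or from the osCommerce project. It assumes the shop layout `<root>/admin/includes/configure.php` and that the folder is referenced as the path segment `/admin/` in `define()` lines; the function names and the sample file (including its define names) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed layout: <root>/admin/includes/configure.php,
# with the folder referenced as the path segment /admin/ inside define() lines.

rename_admin_dir() {   # usage: rename_admin_dir <shop_root> <new_name>
    root=$1; new=$2
    case $new in       # keep the name safe for sed, the filesystem and URLs
        ''|admin|*[!A-Za-z0-9_-]*) echo "bad name: $new" >&2; return 2 ;;
    esac
    cfg="$root/admin/includes/configure.php"
    [ -f "$cfg" ] || { echo "missing $cfg" >&2; return 1; }
    [ ! -e "$root/$new" ] || { echo "$root/$new already exists" >&2; return 1; }

    # Work on a temp copy outside the web root: a configure.php.bak left beside the
    # original would be served as plain text, database password included.
    tmp=$(mktemp) || return 1
    sed "/define(/ s#/admin/#/$new/#g" "$cfg" > "$tmp"
    if cmp -s "$cfg" "$tmp"; then
        echo "no /admin/ reference found in $cfg; nothing changed" >&2
        rm -f "$tmp"; return 1
    fi
    # cat keeps the file's owner and mode; it fails here if configure.php is read-only.
    cat "$tmp" > "$cfg" || { rm -f "$tmp"; return 1; }
    rm -f "$tmp"
    mv "$root/admin" "$root/$new"
}

stale_refs() {         # usage: stale_refs <shop_root> <new_name>; prints count of leftover lines
    grep -c '/admin/' "$1/$2/includes/configure.php" || true
}

make_demo_shop() {     # constructed sample tree (define names assumed); prints its path
    d=$(mktemp -d) && mkdir -p "$d/admin/includes" || return 1
    cat > "$d/admin/includes/configure.php" <<'EOF'
<?php
  define('HTTP_SERVER', 'http://shop.example');
  define('DIR_WS_ADMIN', '/admin/');
  define('DIR_FS_ADMIN', '/home/shop/public_html/admin/');
  define('DIR_FS_CATALOG', '/home/shop/public_html/');
EOF
    echo "$d"
}
```
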
This topic is now archived and is closed to further replies.