Admin access


tyrant

I received a private message from a member who only registered with our website in the last 20 hours.

 

wanted to make you aware of the following hack hole on the shop site

 

http://www.rainbow-inspirations.co.uk/admin......go to ANY site that uses OS commerce. Type in the domain name followed by '/admin' and you will get the same access panel.

 

It is a known hole and you should really change the directory to another name or an opportunist hacker will take your site down.

 

Anyway, they have kinda freaked me. I change my passwords regularly and it is a known fact that /admin takes you to the access panel. Why did they try this??

 

Anyway, is there a way to change the admin directory so that it is a different URL to gain access to it... or do I lose safety features by redirecting it?

 

Freaky person is scaring me :huh:


This person is doing you a favor. You should never name your admin folder "admin" since it is widely known that the oscommerce creates a folder called admin. It leaves the ability for those who want to do you harm. Call it some odd name or combination of letters and numbers or a pet's name.

On the same topic, if you are using phpmyadmin, I wouldn't call that folder phpmyadmin either. The harder you make it, the less likely you are to be hacked.

Marg


This person is doing you a favor. You should never name your admin folder "admin" since it is widely known that the oscommerce creates a folder called admin. It leaves the ability for those who want to do you harm. Call it some odd name or combination of letters and numbers or a pet's name.

On the same topic, if you are using phpmyadmin, I wouldn't call that folder phpmyadmin either. The harder you make it, the less likely you are to be hacked.

Marg

 

Agree with that - security by obscurity :thumbsup:

 

To change admin, change the folder name in your file manager, then edit your admin/includes/configure.php file. You will find two lines with reference to admin; change admin to whatever you called your folder.


I did this yesterday .... Go to your hosting cPanel and rename the file "admin" to a new name. For example's sake: hotdog

 

Then go to the admin/includes/configure.php file, open it to edit it, and change the two lines that reference /admin/ to /hotdog/.

 

Since only you (and whoever else you give access to the administration of the site) need to be there, it doesn't matter what the new name for the admin is - so you don't need it to be nice looking for the public.


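The rename described in the replies above, as an added shell example that is not part of the original thread or of osCommerce itself. It rewrites only define() values that end in /admin/ (so a parent directory such as /home/admin/ is left alone) and edits configure.php through a temp file outside the web root, so no readable backup copy of the config is left in the shop folder. The function name rename_admin_dir and its arguments are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): rename the osCommerce admin folder and
# update the paths in its includes/configure.php.
# Usage: rename_admin_dir <catalog_root> <new_folder_name>
rename_admin_dir() {
    local root="$1" new="$2" old="admin" cfg tmp

    # Accept only a plain folder name: no slashes, dots or shell metacharacters.
    case "$new" in
        ""|"$old"|*[!A-Za-z0-9_-]*) echo "invalid new name: '$new'" >&2; return 1 ;;
    esac
    [ -d "$root/$old" ] || { echo "no $old folder under $root" >&2; return 1; }
    [ ! -e "$root/$new" ] || { echo "$root/$new already exists" >&2; return 1; }
    cfg="$root/$old/includes/configure.php"
    [ -f "$cfg" ] || { echo "missing $cfg" >&2; return 1; }

    # Build the edited config in a temp file outside the web root. Only a quoted
    # value that ENDS in /admin/ on a define() line is rewritten.
    tmp="$(mktemp)" || return 1
    sed -E "/define\(/ s#/${old}/(['\"])#/${new}/\1#" "$cfg" > "$tmp"
    if cmp -s "$cfg" "$tmp"; then
        echo "no /$old/ path found in $cfg; nothing changed" >&2
        rm -f "$tmp"; return 1
    fi

    # Rename the folder first, then write the new config into it.
    mv "$root/$old" "$root/$new" || { rm -f "$tmp"; return 1; }
    cfg="$root/$new/includes/configure.php"
    cat "$tmp" > "$cfg"   # cat keeps the file's existing owner and mode
    rm -f "$tmp"

    # Print the lines that now point at the new folder so they can be checked.
    grep -n "/${new}/" "$cfg"
}
```
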
Archived

This topic is now archived and is closed to further replies.
