
osCommerce

The e-commerce.

Admin not secured??


kn1ght


Posted

How do you secure the administrator page??

I typed my address, http://www.domain.com/admin/index.php, and BAM! It goes straight to the configuration page!! Don't you need a password or some kind of security on this??

 

I did my installation smoothly, did I miss something here??

 

Note: I did CHMOD on all required pages.

Posted

I'm using Linux with MySQL, phpMyAdmin

 

I think I missed this one:

 

Next, use .htaccess on your /admin directory so that it is password protected. You can use the password manager on your account if you have cpanel or do a web search for .htaccess and you will find info on how to do this. Usually your host will have support information about this somewhere in their documentation.

 

Next, add "default.php" to your directory index listing in the httpd.conf file for Apache. This makes your default.php page come up without having to type in the whole string: This will keep Apache from sending the entire file and directory listing of your catalog. You can make these changes yourself by editing your Apache configuration file named httpd.conf. To edit this file directly on the server, log in as root and use the command pico /path/to/apache/conf/httpd.conf. If you do not have root access, you can set this through use of .htaccess, which is also safer for beginners.

 

========================================

 

Should I use .htaccess or httpd.conf??

 

update: I don't have httpd.conf in my ftp server..

Posted
I'm using Linux with MySQL, phpMyAdmin

Should I use .htaccess or httpd.conf??

update: I don't have httpd.conf in my ftp server..

 

:D .htaccess, unless you can 'browse' to httpd.conf (the ini file of the Apache webserver, usually in /usr/local/apache/)

"Politics is the art of preventing people from taking part in affairs which properly concern them"

Posted

gee... I don't know of any ISP that'll give you access to view, let alone change httpd.conf. Unless, of course, you have a virtual server account, or you are running your own dedicated webserver box. :)

Unexpect the Expected

Posted

I'm a dedicated person :mrgreen:

"Politics is the art of preventing people from taking part in affairs which properly concern them"

  • 1 year later...
  • 2 years later...
Posted
Under windows, just remove the "Everyone" user from the permissions on the admin folder.

 

Hi I am having this problem too.. and if I do this, ie take off the permissions for group and world, I can't get in either!!

 

piccola

  • 11 months later...
Posted

Well, in cPanel you will find a password protect folder icon; use it.

Else generate htaccess and htpasswd file contents using some site and place those files.

Else there are some access admin level contribs.

 

Satish

Ask/Skype for Free osCommerce value addon/SEO suggestion tips for your site.

 

Check My About US For who am I and what My company does.

Posted
Well, in cPanel you will find a password protect folder icon; use it.

Else generate htaccess and htpasswd file contents using some site and place those files.

Else there are some access admin level contribs.

 

Satish

 

 

Hi, Satish,

 

Do you know if there is any free shit on Windows? cPanel is incredible but costs for a personal user in Germany. So, please reply to us if there is something ELSE!

Posted
In my signature is a .htaccess and .htpasswd contribution. Upload it and create your files using it to encrypt the password. Instructions display on the page.

 

 

 

Hi, Thanks a lot!

 

I got to manage it.

 

regards

Posted
In my signature is a .htaccess and .htpasswd contribution. Upload it and create your files using it to encrypt the password. Instructions display on the page.

 

OK, so I've set up the .htaccess and .htpassword files uploaded them into the admin directory and now I can't get into the admin side of my site.... what am I doing wrong... and why does the ability not seem to exist to password the admin side direct from the control panel....??!?!?

 

Anyone?

Posted
OK, so I've set up the .htaccess and .htpassword files uploaded them into the admin directory and now I can't get into the admin side of my site.... what am I doing wrong... and why does the ability not seem to exist to password the admin side direct from the control panel....??!?!?

 

Anyone?

The htpasswd file shouldn't be in the protected directory, it should be where the server keeps the passwords. And that's outside the web space. If you cannot locate this folder protection tool, ask your host.

  • 1 month later...
Posted

I also have this problem.

I am using a dedicated Windows server. I removed "Everyone" in permissions, and it can still directly access the admin page.

I had a look at "Secure Admin Login - Logout 1.5.1".

But does it need SSL?

Visual Basic / ASP.NET / C# Programmer

eBay API Developer Program Member

Posted

Change the admin folder to something else than "admin" and password protect it.

You can also protect it so only your IP can enter the admin folder, but I think that's kinda unnecessary.

Posted

I followed all directions and I think it will work once I get it sorted out. I have cPanel and have placed the .htaccess and .htpasswd files in the .htpasswds folder. No luck. However, I just found a file located in my public_html folder that is also a .htaccess file. This file contains (minus private info):

 

```
# -FrontPage-

IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*

<Limit GET POST>
order deny,allow
deny from all
allow from all
</Limit>
<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>
AuthName XXX.com
AuthUserFile /home/XXX/public_html/_vti_pvt/service.pwd
AuthGroupFile /home/XXX/public_html/_vti_pvt/service.grp
```

 

Would this file overwrite the new files I created in the .htpasswds folder? Is this the file that I need to replace?

 

Thanks a bunch!!!

Posted
This information:(/your/server/path/) can be found by going to admin->tools->file manager and selecting the directory where you will place the .htpasswd file.

Look at the top of the page to find the path.

(It does not need to be in the same directory as the .htaccess file.)

 

```
AuthName "Password Protected Area"
AuthType Basic
AuthUserFile /your/server/path/.htpasswd
```

 

Hi, at GoDaddy it does not show a path. Is there another way to figure out this path?

/folder/folder2/.htpasswd isn't working for me. I originally had the pwd file in with the directory that I'm protecting, but I removed it. I am really stupid with this stuff. I have succeeded with everything and am stuck at the password protection. I looked all over GoDaddy to find a way to protect the admin area and I cannot find anything. I am using Linux host. I am getting the screen that asks for the password and all, but it won't accept it as being correct.. I get the following message..

 

Authorization Required

This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.

 

 

--------------------------------------------------------------------------------

 

Apache/1.3.33 Server at www.xxxxx.com Port 80

 

Any other options for me? Sorry, I can't figure it out. I did read a lot of the information supplied at this forum before I posted. Thanks.

Posted
Hi, at GoDaddy it does not show a path. Is there another way to figure out this path?

/folder/folder2/.htpasswd isn't working for me. I originally had the pwd file in with the directory that I'm protecting, but I removed it. I am really stupid with this stuff. I have succeeded with everything and am stuck at the password protection. I looked all over GoDaddy to find a way to protect the admin area and I cannot find anything. I am using Linux host. I am getting the screen that asks for the password and all, but it won't accept it as being correct.. I get the following message..

Any other options for me? Sorry, I can't figure it out. I did read a lot of the information supplied at this forum before I posted. Thanks.

GoDaddy does not have password protection in their control panel. You have to use .htaccess and .htpasswd or the contribution for login admin.

The contribution in my sig below will help with creating .htaccess and .htpasswd files.

This information:(/your/server/path/) can be found by going to admin->tools->file manager and selecting the directory where you will place the .htpasswd file.

This info is found in your osCommerce admin->tools->file manager.

You can put your .htpasswd file anywhere in the site as long as the path to it is specified correctly in your .htaccess.

At GoDaddy you cannot put it above your root directory, so put it in another directory; say the includes directory.

Then in your file manager browse to the .htpasswd file and the path will be displayed at the top of the page.

I am getting the screen that asks for the password and all

If this is the case, then in your admin directory you have a .htaccess file that you will need to edit with the info you create for the new password and the path to the .htpasswd file.

My Contributions

 

Stylesheet With Descriptions Glassy Grey Boxtops Our Products Meta Tags On The Fly

Password Protect Admin

"No matter where you go....There you are" - Buccaroo Bonsai

Archived

This topic is now archived and is closed to further replies.
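The failure modes this thread keeps returning to (an AuthUserFile path that does not exist on the server, a password file kept inside web space, an incomplete set of auth directives), written as a small checker. This is an added Python example, not part of the original thread or of any osCommerce contribution; the function names, finding codes and the `shopadmin` entry are constructed for illustration.

```python
import os
import tempfile

# Without a Require line Apache never asks for credentials at all.
REQUIRED = ("authtype", "authname", "authuserfile", "require")

def parse_directives(text):
    """Map lower-cased directive name -> argument; skips comments and <Section> lines."""
    out = {}
    for line in (l.strip() for l in text.splitlines()):
        if not line or line[0] in "#<":
            continue
        parts = line.split(None, 1)
        out.setdefault(parts[0].lower(), parts[1].strip('"') if len(parts) > 1 else "")
    return out

def check_admin_auth(htaccess_text, docroot):
    """Return finding codes for a Basic-auth .htaccess that protects a directory."""
    d = parse_directives(htaccess_text)
    findings = ["missing:" + k for k in REQUIRED if k not in d]
    path = d.get("authuserfile", "")
    if path and not os.path.isabs(path):
        # Apache resolves a relative AuthUserFile against ServerRoot, not this directory.
        findings.append("userfile-relative")
    elif path and not os.path.isfile(path):
        # The prompt appears but every login ends in 401 "Authorization Required".
        findings.append("userfile-not-found")
    elif path:
        real, root = os.path.realpath(path), os.path.realpath(docroot)
        if os.path.commonpath([real, root]) == root:
            # Hashes sit in web space; only the server's own .ht* deny rule hides them.
            findings.append("userfile-in-docroot")
    return findings

def demo():
    """Constructed sample: four variants of admin/.htaccess checked against a temp docroot."""
    with tempfile.TemporaryDirectory() as top:
        docroot = os.path.join(top, "public_html")
        os.makedirs(os.path.join(docroot, "includes"))
        inside = os.path.join(docroot, "includes", ".htpasswd")
        outside = os.path.join(top, ".htpasswd")
        for p in (inside, outside):
            with open(p, "w") as fh:
                fh.write("shopadmin:$apr1$CONSTRUCTED$notarealhash\n")
        req = "Require valid-user\n"
        tmpl = 'AuthName "Password Protected Area"\nAuthType Basic\nAuthUserFile {}\n{}'
        cases = {"wrong_path": ("/folder/folder2/.htpasswd", req), "in_webspace": (inside, req),
                 "no_require": (outside, ""), "good": (outside, req)}
        return {k: check_admin_auth(tmpl.format(*v), docroot) for k, v in cases.items()}
```

Run it on the server itself (or with the same filesystem layout), since the AuthUserFile value is a filesystem path and not a URL path.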
