Change admin folder name?


JClaude


In my template install files it is recommended to me to change the admin folder name to something else.

I can do that easily via my FTP program, but then the login does not work and I get an error. If I type the complete URL, as in http://www............/login.php, I get there, but then the login itself fails.

Is there something besides the folder name that I need to change?

Thank you

Link to comment
Share on other sites

You also need to change your admin/includes/configure.php file to reflect the new name of your admin.

Link to comment
Share on other sites

I thought of doing this, but didn't yet do it. I was thinking it was a good idea for security.

I read through the documentation and don't remember seeing this recommendation. Can you tell me where you found it?

Others here - is this standard practice?

Link to comment
Share on other sites

This is where I found this recommendation (this site is for support from Template Monster):

http://info.template-help.com/after_sale_s...c/article2.html

Link to comment
Share on other sites

What I'd really like to do is to rename the admin folder to something else and add that name to my robots.txt file, then move the admin folder down another level, into a folder with a secret name. This way, good robots would stay out of the admin area and hackers and bad robots would have to guess at the name of my admin folder to find it. However, so much of the code here uses relative links, I wonder about breaking everything by moving the admin folder down a level...

Example (my "catalog" is in my root):

store: www.mydomain.com

default admin location: www.mydomain.com/admin/

proposed admin location: www.mydomain.com/adminsd21/dfg543aswqn/

(where my robots.txt file lists /adminsd21/ folder as blocked, but the subfolder below that isn't named)

Anyone else done something like this?

Link to comment
Share on other sites

Another note:

I purchased a McAfee security seal for my website, and on the first security audit of my site this issue (admin folder present) was flagged at Level1 (lowest). This is the message:

"An administrator directory was found during the web application scan. This directory may or may not be password protected. Administrator directories are a very common place for attackers to focus their attacks. These pages should not be externally accessed."

So my assumption is that hackers know that 99% of people will not rename their "admin" folder and can use it as a starting point to hack OSC sites (?)

I have now renamed my admin folder and after tonight's scan I want to see if this is now fixed. If not, I will go into my cpanel and password my now renamed admin folder.

Link to comment
Share on other sites

Patrick, that is a very clever idea.

I have an OSC "test lab" site and I am going to try the following:

Rename the admin folder in the config.php files (both of them) to

"/secret1/secret2"

Not sure this will be enough to configure the path, but we will see.

Then via FTP I will create a new folder called SECRET1, then rename the admin folder to SECRET2 and move it into SECRET1.

This will do what you ask. I will then report if it worked or not.

Link to comment
Share on other sites
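
The configure.php change from the earlier reply and the nested "/secret1/secret2" move proposed in the post above, as an added example (not code from the thread or from osCommerce). It assumes the stock `define('DIR_WS_ADMIN', ...)` and `define('DIR_FS_ADMIN', ...)` lines in the admin `includes/configure.php`; the function names and sample paths are made up, and it does not cover any other relative paths in the admin code.

```bash
#!/usr/bin/env bash
# Added example, not osCommerce code. Assumes the stock define() lines for
# DIR_WS_ADMIN and DIR_FS_ADMIN in <admin>/includes/configure.php.

valid_name() {  # letters, digits, _ and -; may be nested as a/b
  case "$1" in ''|/*|*/|*..*|*[!A-Za-z0-9_/-]*) return 1;; esac
}

# Succeeds only if both admin path defines end in /<admin_name>/
check_admin_config() {  # usage: check_admin_config <catalog_dir> <admin_name>
  local cfg="$1/$2/includes/configure.php" key
  for key in DIR_WS_ADMIN DIR_FS_ADMIN; do
    grep -Eq "define\('$key', *'[^']*/$2/'\)" "$cfg" 2>/dev/null || return 1
  done
}

rename_admin() {  # usage: rename_admin <catalog_dir> <old_name> <new_name>
  local root="$1" old="$2" new="$3" cfg tmp
  valid_name "$old" && valid_name "$new" || { echo "invalid name" >&2; return 1; }
  cfg="$root/$old/includes/configure.php"
  [ -f "$cfg" ] || { echo "missing $cfg" >&2; return 1; }
  [ ! -e "$root/$new" ] || { echo "$new already exists" >&2; return 1; }
  tmp=$(mktemp) || return 1
  # Rewrite only the two admin path defines. The temp file is outside the web
  # root, so no stray copy of configure.php (database credentials) stays there.
  sed -E "/define\('DIR_(WS|FS)_ADMIN'/ s#/$old/'#/$new/'#" "$cfg" > "$tmp" &&
    cat "$tmp" > "$cfg"
  rm -f "$tmp"
  mkdir -p "$(dirname "$root/$new")" && mv "$root/$old" "$root/$new" &&
    check_admin_config "$root" "$new"
}

make_sample() {  # constructed sample tree for trying this out; prints its path
  local root
  root=$(mktemp -d) || return 1
  mkdir -p "$root/admin/includes"
  cat > "$root/admin/includes/configure.php" <<'EOF'
<?php
  define('HTTP_SERVER', 'http://www.example.com');
  define('DIR_WS_ADMIN', '/admin/');
  define('DIR_FS_ADMIN', '/var/www/shop/admin/');
EOF
  echo "$root"
}
```

`check_admin_config` fails for a folder that was only renamed over FTP, which is the situation described in the first post.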

I have not done that test yet Patrick, but, as mentioned earlier, renaming the admin folder in fact made it so that the McAfee Secure Site scan for today did not alert me anymore of the presence of an admin directory :rolleyes:

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.
