Guest Posted May 21, 2003 Posted May 21, 2003 Hello, I noticed that if I type http://mydomain.com/admin into my browser, I am taken to my administration page. Is it supposed to be this way? I found 2 other domains using OSC. I typed in their domains http://theirdomain.com/admin adn I wwas not taken to their administration menu (as I would believe it should be). For one I got a "Page not found" and for the other a login dialog box poped up prompting me for a password. Should I be storing my /admin directory on SSL or something? I need to make sure that no one can access my admin directory. I am sure there are many hackers that know of OSC and would know to do this for OSC shops. I could not find a thread about this. If anyone knows of a thread or a solution to this problem please post it here. I thank you in advance for your help and knowledge. I would give you my domain but I don't think that is a good Idea. Again, Thanx.
Silencer Posted May 21, 2003 Posted May 21, 2003 If your hosting ISP have CPanel or something like you can use 'Protect Directories' menu (many hosting control panels have it). There is always more than one way to do it. And always Keep It Simple, Stupid.
mattice Posted May 21, 2003 Posted May 21, 2003 Another way to do it is with an .htaccess file. You can create one (and the .passwd file) on several sites, along with instructions on how to upload them. Do a search on Google for .htaccess + generator and you'll be on your way. HTH Mattice "Politics is the art of preventing people from taking part in affairs which properly concern them"
Guest Posted May 21, 2003 Posted May 21, 2003 You Guys Are AWESOME!!!!!! I tried the latter suggestion because I could not find my protect directory option within my CP. I used http://www.webmaster-toolkit.com/htaccess-...generator.shtml to generate my files, however, it did not work for me. They told me to name my password file as .htpasswd (not .passwd as you suggest here) but it did not work. Then I tried naming it .passwd and still not working correctly (in both instances it would not accept my password.) Fortunately, I stumbled accross the pass protect option in my CP (it was in my WebShell or file mgr, whatever you wanna call it). It created the new filed for me (by the way, it named my pass file as .htpasswd, go figure. I already did so on my own but it did not work). Perhaps the site I used to generate these file is not good so for anyone having the problem I had asn cannot find pass protect option in you CP, you might wanna try some other site. I am sure there are many more, I just picked one from google. Bottom line. It is working correctly and my /admin dir is protected. YOU GUYS ROCK ans OSC ROCKS!!!!!!!!!!!!! (great testimonial, eh :D ) I am learning alot from using oscommerce. I got into it blindly but I am learning alot about OSC itself php and other important things all webmasters/site owners should know. Thanks a bunch! Carlo
mattice Posted May 21, 2003 Posted May 21, 2003 You Guys Are AWESOME!!!!!!They told me to name my password file as .htpasswd (not .passwd as you suggest here) but it did not work. My bad, passwd is a linux/unix command to assign passwords.. .htpasswd is correct. (Although you can name it whatever you like as long as the .htaccess points to the password file) Mattice "Politics is the art of preventing people from taking part in affairs which properly concern them"
Guest Posted May 21, 2003 Posted May 21, 2003 You Guys Are AWESOME!!!!!!They told me to name my password file as .htpasswd (not .passwd as you suggest here) but it did not work. My bad, passwd is a linux/unix command to assign passwords.. .htpasswd is correct. (Although you can name it whatever you like as long as the .htaccess points to the password file) Mattice I see. Thanks again. :oha:
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.