Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Security Issue? - General Access to /admin dir - HELP!


Guest

Recommended Posts

Hello,

 

I noticed that if I type http://mydomain.com/admin into my browser, I am taken to my administration page. Is it supposed to be this way?

 

I found 2 other domains using OSC. I typed in their domains http://theirdomain.com/admin adn I wwas not taken to their administration menu (as I would believe it should be). For one I got a "Page not found" and for the other a login dialog box poped up prompting me for a password.

 

Should I be storing my /admin directory on SSL or something?

 

I need to make sure that no one can access my admin directory. I am sure there are many hackers that know of OSC and would know to do this for OSC shops.

 

I could not find a thread about this. If anyone knows of a thread or a solution to this problem please post it here.

 

I thank you in advance for your help and knowledge.

 

I would give you my domain but I don't think that is a good Idea.

 

Again, Thanx.

Link to comment
Share on other sites

If your hosting ISP have CPanel or something like you can use 'Protect Directories' menu (many hosting control panels have it).

There is always more than one way to do it.

And always Keep It Simple, Stupid.

Link to comment
Share on other sites

Another way to do it is with an .htaccess file.

You can create one (and the .passwd file) on several sites, along with instructions on how to upload them.

 

Do a search on Google for .htaccess + generator and you'll be on your way.

 

HTH

Mattice

"Politics is the art of preventing people from taking part in affairs which properly concern them"

Link to comment
Share on other sites

You Guys Are AWESOME!!!!!!

 

I tried the latter suggestion because I could not find my protect directory option within my CP. I used http://www.webmaster-toolkit.com/htaccess-...generator.shtml to generate my files, however, it did not work for me. They told me to name my password file as .htpasswd (not .passwd as you suggest here) but it did not work. Then I tried naming it .passwd and still not working correctly (in both instances it would not accept my password.)

 

Fortunately, I stumbled accross the pass protect option in my CP (it was in my WebShell or file mgr, whatever you wanna call it). It created the new filed for me (by the way, it named my pass file as .htpasswd, go figure. I already did so on my own but it did not work). Perhaps the site I used to generate these file is not good so for anyone having the problem I had asn cannot find pass protect option in you CP, you might wanna try some other site. I am sure there are many more, I just picked one from google.

 

Bottom line. It is working correctly and my /admin dir is protected. YOU GUYS ROCK ans OSC ROCKS!!!!!!!!!!!!! (great testimonial, eh :D )

 

I am learning alot from using oscommerce. I got into it blindly but I am learning alot about OSC itself php and other important things all webmasters/site owners should know.

 

Thanks a bunch!

 

Carlo

Link to comment
Share on other sites

You Guys Are AWESOME!!!!!!

They told me to name my password file as .htpasswd (not .passwd as you suggest here) but it did not work.

 

My bad, passwd is a linux/unix command to assign passwords.. .htpasswd is correct. (Although you can name it whatever you like as long as the .htaccess points to the password file)

 

Mattice

"Politics is the art of preventing people from taking part in affairs which properly concern them"

Link to comment
Share on other sites

You Guys Are AWESOME!!!!!!

They told me to name my password file as .htpasswd (not .passwd as you suggest here) but it did not work.

 

My bad, passwd is a linux/unix command to assign passwords.. .htpasswd is correct. (Although you can name it whatever you like as long as the .htaccess points to the password file)

 

Mattice

 

I see. Thanks again. :oha:

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...