Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> How To's
Author Message
ladysilver
Hangin' Around


Joined: May 03, 2004
Posts: 49
Location: Cyberspace

PostPosted: Sun Aug 28, 2005 3:08 pm Reply with quote

While it's great that "admin.php" can be changed to something else in the config file, I noticed that in index.php, mainfile.php and most of the admin files have the ".php" extension hardcoded:

Code:
$admin_file.".php


I would rather not to use .php at all, just set up a handler in Apache to recognize different extensions as a php file. I know I can do this by just changing .php in the coding example I used above, but can it be edited so different extensions can be used without recoding the files over and over? For example, if I wanted "admin.php" to be "secret.abc" one month and then "hidden.xtp" the next without editing code again.
 
View user's profile Send private message Visit poster's website ICQ Number
VinDSL
Life Cycles Becoming CPU Cycles


Joined: Jul 11, 2004
Posts: 614
Location: Arizona (USA) Admin: NukeCops.com Admin: Disipal Designs Admin: Lenon.com

PostPosted: Sun Aug 28, 2005 3:31 pm Reply with quote

Short answer: I suppose. However...

Long answer: I've tried different OSs over the years, and when I was running CGI over IIS, I used to have to rename the admin files, and it was a real pain. That is, I would put the proper extension on the files to use them, do maintenance, then rename them afterwards.

What I do now is make it so 'admin.php' can only be auth'ed from this IP. LoL! Now, I can't admin my site from work or wherever, which is sort of a pain, but not as bad as renaming files. Wink

You might find this interesting...
Only registered users can see links on this board! Get registered or login!

_________________
.:: "The further in you go, the bigger it gets!" ::.
.:: Only registered users can see links on this board! Get registered or login! | Only registered users can see links on this board! Get registered or login! ::. 
View user's profile Send private message Visit poster's website ICQ Number
VinDSL
PostPosted: Sun Aug 28, 2005 5:44 pm Reply with quote

Heh! Here's a cute one for you, ladysilver!

I tweaked the hack (listed above) and got rid of the admin login box for non-trusted IPs.

Check it out... Only registered users can see links on this board! Get registered or login!

Would you be interested in something like this? It's a 'keeper' for me... Dance-Y
 
ladysilver
PostPosted: Sun Aug 28, 2005 5:51 pm Reply with quote

Thanks for posting that link, VinDSL. Smile I will make a place for it in my webmaster's bag o' tricks.
 
VinDSL
PostPosted: Sun Aug 28, 2005 7:44 pm Reply with quote

My pleasure!

The hack, posted above, doesn't get rid of the login box. It justs give you a 'warning' and displays the login box anyway, i.e. for the hackers' use, I guess. Rolling Eyes

If you're interested in my tweak, which gets rid of the login box for non-trusted IPs, let me know and I'll post it here. It's not too hard to figure out, if you look at the original hack...
 
VinDSL
PostPosted: Sun Aug 28, 2005 11:35 pm Reply with quote

I *really* like this hack, so I decided to post my tweak in the original thread...

If you're interested: Only registered users can see links on this board! Get registered or login! Wink
 
VinDSL
PostPosted: Wed Aug 31, 2005 2:49 am Reply with quote

OMG!

I couldn't figure out why I wasn't getting any positive feedback from this paradigmatic tweak. Then I realized, today, that 'you' aren't seeing what I'm seeing, from this IP.

Why?

I am protected on so many levels that it's like peeling the 'skin' off an onion. That is, I have layer upon layer of protection on my web site, out of necessity -- being a prime target of hackers, especially Persians.

The fact of the matter is, 'you' could not see my tweak because 'you' were being redirected to my main page before getting to this tertiary layer of protection -- the tweak itself.

Gawd! I know this doesn't make any sense to most of you, but the bottom line is -- I've lowered my shields so you can (hopefully) see the effects of the tweak at hand.

If I get hacked by dropping the first couple of layers of defense, so be it, but I doubt this will happen. I think this tweak, alone, is enough to suffice. We will shortly see...

So, without additional bustle, tell me if you can see the fruit-of-my-labor now...
Only registered users can see links on this board! Get registered or login!

You should be presented with a warning, and NO admin login block. If this isn't the case, please let me know. I plan to publish this elsewhere, if everything works out -- I feel that strongly about it.

Hopefully I haven't 'screwed the pooch', so to speak. Timing is everything, and I know the tide is against me at this point.

Sorry for this foopah, but nobody is perfect... Wink
 
Guardian2003
Site Admin


Joined: Aug 28, 2003
Posts: 6793
Location: Ha Noi, Viet Nam

PostPosted: Thu Sep 01, 2005 12:03 am Reply with quote

Works for me "You have entered a restricted area..."
Cool!!
 
View user's profile Send private message Send e-mail
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> How To's

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©