Ravens PHP Scripts: Forums
 

 

mike63740
Worker



Joined: Jun 21, 2010
Posts: 102

Posted: Tue Feb 04, 2014 12:29 am

Can file \html\admin.php and folder \html\admin be renamed to whatever, or should the paths not be changed? If it’s possible and complicated, forget it.


Thank you.
 
kguske
Site Admin



Joined: Jun 04, 2004
Posts: 6432

Posted: Tue Feb 04, 2014 1:44 am

Hi Mike,

I've found that using admin authentication (directives in your .htaccess file to require a user and password to access admin.php) is very effective at blocking unauthorized admin access. You can also use htaccess to limit access to your admin folder.

That said, you can rename the admin file (admin.php) to something else .php in your config file (either config or rnconfig.php):
Code:
$admin_file = 'admin';


Although there is also a defined variable for the admin folder, I would not recommend changing that as it is likely hard-coded in your custom modules and / or the standard modules.

_________________
I search, therefore I exist...
nukeSEO - nukeFEED - nukePIE - nukeSPAM - nukeWYSIWYG
 
mike63740







Posted: Tue Feb 04, 2014 4:43 am

Unfortunately, my server recognizes .htaccess and similar files as invalid filenames for security reasons. I’m not able to upload these types of files to the server.

Are you also saying that it is safe to rename file \html\admin.php to whatever I want in either \html\config.php or \html\rnconfig.php? Will this allow me to rename file \html\admin.php itself as long as it is registered in either \html\config.php or \html\rnconfig.php?

The current folder setting for \html\admin is 775. Can restrictions be changed here by changing the folder permissions or by password protecting the folder?


Thanks.
 
neralex
Site Admin



Joined: Aug 22, 2007
Posts: 1772

Posted: Tue Feb 04, 2014 10:39 am

It sounds like you are using Yahoo hosting. They are not using the Apache2 web server. I would suggest you think about a move to another hoster. You can't use a lot of amazing stuff without htaccess support.

kguske is right. It's not recommended to change that, as it is likely hard-coded in so many modules. It's also not recommended to change the name of the admin folder, because you would brick the whole system. The password protection of a folder works with htaccess... so now you should really think about a move!

_________________
Github: RavenNuke 
mike63740







Posted: Tue Feb 04, 2014 8:50 pm

neralex and kguske thanks.

I will consider all that was said. :)
 
Guardian2003
Site Admin



Joined: Aug 28, 2003
Posts: 6799
Location: Ha Noi, Viet Nam

Posted: Thu Feb 06, 2014 5:11 am

Just so you know, the ability of renaming admin.php through the setting in config.php is an artefact of the old PHP-Nuke system. In old versions of php-nuke, there were so many security issues (a lot accessed through admin.php) that instead of fixing the problems, the author decided to allow the renaming of the admin file to make it slightly harder for the script kiddies as they then had to guess the admin.php file name, though he should have used a constant and not a variable but that's another story.
It was only retained in RavenNuke(tm) for backward compatibility because most users migrated from php-nuke to RavenNuke(tm) and most of the modules at that time used $admin_file in their code instead of admin.php.

As others have said though, if your server allows htaccess directives, it is always a good idea to password protect the admin directory and that applies to ANY software where you have all your admin functions in one directory as a basic security precaution.
 
mike63740







Posted: Sun Feb 09, 2014 6:59 am

RavenNuke seems to run normally with the folder \html\admin password protected. I have no problems signing in as a user, admin or just browsing the site as a guest.

I may have missed the point that it’s ok to password protect the \html\admin folder without .htaccess files.

Is it normal for RavenNuke to run with the folder protected?


Thank you.
 
Guardian2003







Posted: Sun Feb 09, 2014 12:21 pm

Password protecting the directory shouldn't be a problem and it is good practise to do so. The only issue you might encounter is if you have a number of site administrators because you'll need to set them all up with their own unique password.
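
Added example (not part of the thread and not RavenNuke's own configuration): one way to express the .htaccess protection kguske and Guardian2003 describe, for both admin.php and the admin folder. It assumes Apache 2.4 with AllowOverride AuthConfig enabled; the password file path and realm name are placeholders.

```apache
# --- html/.htaccess (site root): protect only the admin entry script ---
# Assumption: Apache 2.4 and AllowOverride AuthConfig (or All) for this directory.
# If $admin_file is changed in the config file, the name below must match it.
<Files "admin.php">
    AuthType Basic
    AuthName "Site administration"
    # Placeholder path: keep the password file outside the web root
    # so it can never be requested over HTTP.
    AuthUserFile "/home/example/private/.htpasswd"
    Require valid-user
</Files>

# Refuse to serve .htaccess / .htpasswd files themselves.
<FilesMatch "^\.ht">
    Require all denied
</FilesMatch>

# --- html/admin/.htaccess: protect the whole admin folder ---
# Same realm and password file, so an administrator authenticates once
# for both admin.php and the files under admin/.
AuthType Basic
AuthName "Site administration"
AuthUserFile "/home/example/private/.htpasswd"
Require valid-user
```

Each site administrator gets a separate entry in the password file (created with Apache's `htpasswd` utility), which is the per-admin setup Guardian2003 mentions. Basic authentication sends the credentials with every request in a trivially decodable form, so serve the admin area over HTTPS.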
 
All times are GMT - 6 Hours
 