1
Angie
Re: french host banned admin.php
  • 2003/11/28 23:54

  • Angie

  • Just popping in

  • Posts: 5

  • Since: 2003/11/27


:o)

I'm sitting on a fuckin BACKBONE, all servers on Linux.
I do not know all the details of the attack, but I can tell you, if my boss shot down all admin.php, it is not for fun.

You know there are a lot of crazy humans on the internet, and I have seen many things that make: in my head.

So my boss has restored all admin.php, but he said it's very important to call on your users: Security is important.
He told me that, whenever you want, you can contact him at his private mail (I have it, ask me if you want) and he will give all the information to make it better and all the information that can help you in your development.

( Oh my god my English is !!! very bad )

Kiss from France



2
Angie
Re: french host banned admin.php
  • 2003/11/28 21:30

  • Angie

  • Just popping in

  • Posts: 5

  • Since: 2003/11/27


Hi there :o)

Yes, all that you say is good.
But I wanna show you a thing:

Fine, you put a very fast login on your admin.php, it's not the problem. The problem is: everyone can find or know that the admin of a site uses admin.php for login. So everyone goes to attack admin.php.

The problem is, we have many users on one server: 60 users using XOOPS = 60 admin.php = 60 attacks vs admin.php

The problem is not the password, the problem is the attacks vs admin.php x 60, which make the server go down.

100Mbps vs a server for around 10 hours: I said ouch ...


That is the problem

( so sorry, my English is very bad )


Kiss from France
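
As an added example, not part of the original post and not XOOPS's or the host's own code: on a shared server like the one described above, requests to admin.php can be counted per client across all hosted sites instead of per site. The log layout (virtual host name in front of Apache's common format), the threshold, the window and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one client hits /admin.php on three hosted sites,
# another requests it once. Assumed layout: "vhost:port" + Apache common format.
SAMPLE_LOG = "\n".join(
    [f'site{n % 3:02d}.example:80 203.0.113.7 - - [28/Nov/2003:21:00:{n:02d} +0100] '
     f'"POST /admin.php HTTP/1.0" 200 5120' for n in range(12)]
    + ['site01.example:80 198.51.100.4 - - [28/Nov/2003:21:00:05 +0100] '
       '"GET /admin.php HTTP/1.0" 200 5120',
       'site02.example:80 198.51.100.4 - - [28/Nov/2003:21:03:05 +0100] '
       '"GET /index.php HTTP/1.0" 200 9000'])

LINE_RE = re.compile(
    r'^(?P<vhost>\S+) (?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def find_admin_floods(log_text, threshold=10, window=timedelta(minutes=1)):
    """Return {client_ip: set of vhosts it requested /admin.php on} for clients
    with at least `threshold` such requests inside any `window`, counted
    across all virtual hosts on the server."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["path"].split("?")[0] != "/admin.php":
            continue  # unparsable line or a different page
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        hits[m["ip"]].append((ts, m["vhost"]))
    flagged = {}
    for ip, events in hits.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # shrink the window from the left until it spans <= `window`
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = {vhost for _, vhost in events}
                break
    return flagged

if __name__ == "__main__":
    for ip, vhosts in find_admin_floods(SAMPLE_LOG).items():
        print(ip, "->", sorted(vhosts))
```

A client flagged this way can be rate-limited or blocked at the server for every hosted site at once, without removing admin.php from the sites.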



3
Angie
Re: french host banned admin.php
  • 2003/11/28 0:16

  • Angie

  • Just popping in

  • Posts: 5

  • Since: 2003/11/27


:o) Hey Lolo,

It's so dangerous because any idiot knows where to start attacking: admin.php
It takes me 5 minutes to find it, 7 hours to recover your password and your admin nick with a brute-force attack, and then you get ridiculed in front of your client when someone sticks this kind of index on your site (see DIGITATTACKS on www.zone-h.com) :o)
But don't worry ... It's not a security hole, is it?

Sorry Skalpa, but I am telling Lolo why the name admin.php is a danger. Because EVERYONE KNOWS its name is ADMIN.PHP, so everyone knows how to find it on a server. Just type http://www.yourdomaine.com/admin.php <= OH I found it :o) so I make a brute force attack against this page and I have a 50 % chance to get the pass. ... After this anybody can put up an index.html and OWNZ you in the digital attacks on www.zone-h.com

You know, many of our clients use your XOOPS and it's a fine system (I like it), but many of our clients DO NOT KNOW how to SECURE their website or SQL data ...


Thanks anytime for reading and help

PS: I will ask my boss for details of the attacks and bring you the information soon ;o)



4
Angie
Re: Security feat XOOPS
  • 2003/11/27 19:26

  • Angie

  • Just popping in

  • Posts: 5

  • Since: 2003/11/27


:o)

Fine !
Thank you very much !!

( I don't know, but after your message I have an irresistible desire to say: I have never said it would be easy ... I always offer the truth (dixit Morpheus @ Matrix) ) :op

Quote:

skalpa wrote:
Actually it wouldn't be easy.
But I'll consider this and will check that with you more deeply (check your inbox soon).

Skalpa.



5
Angie
Security feat XOOPS
  • 2003/11/27 19:05

  • Angie

  • Just popping in

  • Posts: 5

  • Since: 2003/11/27


Hi,

I'm a French girl working for a French hosting service.
I have a problem: we always have brute force attacks against the admin.php pages in your XOOPS.

I have an idea or a question: is it possible, or can you not make modifications to the name of the administration page??

I think: can't the administrator choose the name of this page?
I install XOOPS and the system asks me the question: Name for your admin.php ??
or
I install XOOPS and the system generates a name and gives me this name the first time I log in as admin ???

Can you do this?
We have been obliged to ban all admin.php :o( and now all our users cannot administer their XOOPS sites ...

Thanks for helping

( sorry for my bad English )


Kiss and greetings from France

Angie



