1
Angie
Security feat XOOPS
  • 2003/11/27 19:05

  • Angie

  • Just popping in

  • Posts: 5

  • Since: 2003/11/27


Hi,

I'm a french Girl who working by a french Hosting Service.
I have a problem: Always we have brut force attacks against the admin.php pages in your Xoops.

I have a idea or a question: If is possibel or can your not make modifications on name of the administration page ??

I think: I cant not make choose the Administrator the name of this page ?
I install XOOPS and the systeme ask me the question : Name for your admin.php ??
or
I install XOOPS and the systeme generate a name and give me this name on loggin first time who I was admin ???

You can do this ?
We have been obligated to banned all admin.php :o( and now all our user cant not administrated heir xoop site ...

Thanks for helping

( sorry for my bad english )


Kiss and Greet from French

Angie

2
skalpa
Re: Security feat XOOPS
  • 2003/11/27 19:11

  • skalpa

  • Quite a regular

  • Posts: 300

  • Since: 2003/4/16


Actually it wouldn't be easy.
But I'll consider this and will check that with you more deeply (check your inbox soon).

Skalpa.>

3
Angie
Re: Security feat XOOPS
  • 2003/11/27 19:26

  • Angie

  • Just popping in

  • Posts: 5

  • Since: 2003/11/27


:o)

Fine !
Thank you verry much !!

( I dont know but after your message I have a irrestible desire to say: I have never said it's been easy ... I always offring the true ( dixit Morpheus @ Matrix ) :op Quote:

skalpa wrote:
Actually it wouldn't be easy.
But I'll consider this and will check that with you more deeply (check your inbox soon).

Skalpa.>

4
DonXoop
Re: Security feat XOOPS

Bonjour,

Just curious, are these attacks specificaly after XoopS itself or just admin.php in general and all virtual servers?

I just got started in XoopS and found a module designed to guard against DoS attacks. Maybe this will help?

An idea for dev, maybe additional ACLs for admin.php like IP? Oh wait, you can do that in Apache confs. You can allow/deny at the server level, virtual server, directory level etc. You'll then only have to deal with valid users that need admin but there is a way. Say that admin.php is blocked at the server as tight as practical (at the server level) and then only allowed to even request critical files if already authenticated and ACL allowed (XoopS level).

5
Per4orm
Re: Security feat XOOPS
  • 2003/11/27 20:47

  • Per4orm

  • Documentation Writer

  • Posts: 145

  • Since: 2003/11/14


There is another option, if I may be so bold, that could be considered for the next major release:

Have all the admin files, including admin.php, within a subdirectory of the main installation. Then to access the administrators area you have to access admindirectory/index.php

This has the added advantage that the admin directory could then also be protected by a .htaccess file if required, doubling the security level.

Regards,
Gareth

Login

Who's Online

189 user(s) are online (106 user(s) are browsing Support Forums)


Members: 0


Guests: 189


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Mar 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits