MarkW, Posted May 17, 2013

Hi, I have read the Further Security Steps guide but do not fully understand how to move the crons folder so my question is can anyone confirm if this is how I do it.

1. Backup the /whmcs/crons folder to my desktop
2. Delete the /whmcs/crons folder from the server
3. Upload the crons folder outside the public_html directory
4. Edit the crons/config file and put this in there: $whmcspath = '/home/username/public_html/whmcs/';

Is that all I have to do for the crons folder to be moved and to disable outside users from accessing it?

WHMCS Chris, Posted May 17, 2013

Hello,

There are more steps listed there than needed.

[1] Move /home/$username/public_html/path/to/whmcs/crons to /home/$username/crons
[2] Edit /home/$username/crons/config.php with $whmcspath = '/home/username/public_html/whmcs/';

MarkW (Author), Posted May 18, 2013

Hello Chris,

Doing this still allows users to run the cron.php
http://mywebsite.com/whmcs/admin/cron.php

WHMCS JamesX, Posted May 18, 2013

> Hello Chris,
> Doing this still allows users to run the cron.php
> http://mywebsite.com/whmcs/admin/cron.php

You can change the name of your admin/ directory.

And then there was one les, Posted May 18, 2013

If you have SSH access you can do this on one single line.

1) You can simply move the directory, no need to delete then upload again. Choose a method you are comfortable with, e.g. SSH, FTP, file manager.
2) You then need to edit the configuration file that is located in the directory to reflect the path to WHMCS.
3) Edit the cron job to reflect its new path.

That's it, all should work and there are no further steps needed to secure it from direct access. If there is something on the server this could potentially find it, however you can use to hide it very well and reduce this even further if you choose.

I recommend using the true path to the WHMCS installation rather than relative, as they can be a little confusing to figure out the right number of directories to climb unless you are familiar with relative paths.

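Added example, not part of the thread and not WHMCS code: a shell check to run after the move described above, confirming the old copy is gone from the webroot, the new directory sits outside it, and config.php carries an absolute $whmcspath. The function names and the demo tree are constructed for illustration; the only WHMCS detail assumed is the $whmcspath line quoted in the thread.

```shell
#!/bin/sh
# Added example (not WHMCS code). Function names and the demo tree are
# constructed; the only WHMCS detail assumed is the $whmcspath line in config.php.

# check_crons_move WEBROOT OLD_CRONS NEW_CRONS
# Prints one line per finding; returns 0 only when every check passes.
check_crons_move() {
    webroot=$1 old=$2 new=$3 rc=0

    # 1. The original copy must be gone from the web-served tree.
    if [ -e "$old" ]; then
        echo "FAIL: $old still exists under the webroot"; rc=1
    fi

    # 2. The new directory must resolve outside the webroot. pwd -P follows
    #    symlinks, so a link that points back inside is caught as well.
    if [ ! -d "$new" ]; then
        echo "FAIL: $new is missing"; return 1
    fi
    real_new=$(cd "$new" && pwd -P)
    real_root=$(cd "$webroot" && pwd -P)
    case "$real_new/" in
        "$real_root"/*) echo "FAIL: $real_new is inside $real_root"; rc=1 ;;
    esac

    # 3. config.php must set $whmcspath to an absolute, existing directory.
    #    Commented-out lines are ignored; the last active assignment wins.
    path=$(sed -n 's/^[[:space:]]*\$whmcspath[[:space:]]*=[[:space:]]*["'\'']\([^"'\'']*\)["'\''].*/\1/p' \
        "$new/config.php" 2>/dev/null | tail -n 1)
    case "$path" in
        /*) [ -d "$path" ] || { echo "FAIL: \$whmcspath $path is not a directory"; rc=1; } ;;
        '') echo "FAIL: no active \$whmcspath line in $new/config.php"; rc=1 ;;
        *)  echo "FAIL: \$whmcspath $path is relative"; rc=1 ;;
    esac
    [ "$rc" -eq 0 ] && echo "OK: crons directory is $real_new"
    return "$rc"
}

# Constructed demo: build a fake tree, do the move from the thread, check it.
demo() {
    t=$(mktemp -d)
    mkdir -p "$t/public_html/whmcs/crons"
    printf "<?php\n\$whmcspath = '%s/';\n" "$t/public_html/whmcs" \
        > "$t/public_html/whmcs/crons/config.php"
    mv "$t/public_html/whmcs/crons" "$t/crons"
    check_crons_move "$t/public_html" "$t/public_html/whmcs/crons" "$t/crons"
}
```

Call demo to see a passing run on the constructed tree, or call check_crons_move with your own webroot, old and new paths.
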
And then there was one les, Posted May 18, 2013 (edited May 18, 2013 by CDJ Hosting)

> You can change the name of your admin/ directory.

I believe you can put a kill switch in the crons file in the open area of the file to prevent direct access and deal with the issue that way.

But moving the admin directory is definitely a good security step. There is also (pre v5) a module floating about that allows you to keep a spoof admin directory that simply tells the person trying to access it's a failed login attempt just as the normal admin area does. This can help because the intruder may not then look for the real admin area, but to be fair, again you can name it what you want, which adds to the security, and the more complex its name the better for this. You can try an MD5 hash of some phrase; that would be pretty secure and difficult to locate.