Jump to content

Case #5083 - Notify admins upon detection of admin directory configuration issue

clopezi

By clopezi
in Using WHMCS

 Share

Recommended Posts

  • Replies 65
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Posted Images

brian! Senior Member

brian!

Posted
Posted
Hi Duran, while your suggestion is a good one I think it is kind of a fatal issue. especially since there seems there wont be a fix.

the next passage is from the current changelog, seems like this is done on purpose

I think it's safe to assume that it was done on purpose - just not thought through or tested enough before release... not the first time that's occurred and I doubt it will be the last.

0
Link to comment
Share on other sites
SeanP Senior Member

SeanP

Posted
Posted

If you change your admin directory to something nobody knows, what is the point in having the "fake" admin login? Change the admin directory to something obscure and hard to guess, and your admin area will be "hidden". To me the fake admin stuff is just a way to taunt potential hackers, and not really a true security tool. If they are worth their salt, by any means, they will be able to tell it is fake in a matter of seconds.

0
Link to comment
Share on other sites
merlinpa1969 Senior Member

merlinpa1969

Posted
Posted

You are correct, it is a taunt, and honestly a way to track who where from how often and you get to have some fun as well with a BIG nasty gram,

If you change your admin directory to something nobody knows, what is the point in having the "fake" admin login? Change the admin directory to something obscure and hard to guess, and your admin area will be "hidden". To me the fake admin stuff is just a way to taunt potential hackers, and not really a true security tool. If they are worth their salt, by any means, they will be able to tell it is fake in a matter of seconds.
0
Link to comment
Share on other sites
dimitrifrom31 Senior Member

dimitrifrom31

Posted
Posted
If you change your admin directory to something nobody knows, what is the point in having the "fake" admin login? Change the admin directory to something obscure and hard to guess, and your admin area will be "hidden". To me the fake admin stuff is just a way to taunt potential hackers, and not really a true security tool. If they are worth their salt, by any means, they will be able to tell it is fake in a matter of seconds.

 

Perma ban the IP's logged by the fake admin.

0
Link to comment
Share on other sites
SeanP Senior Member

SeanP

Posted
Posted
Perma ban the IP's logged by the fake admin.

 

Do you do this automatically? If not, can't you just check your web server logs to see which IPs attempted access to /admin? You wouldn't need the actual fake admin pages in place for that. I would think this could be done via a daily cron job.

0
Link to comment
Share on other sites
SeanP Senior Member

SeanP

Posted
Posted
Its actually much easier to track from the fake admin interface, you can also track failed login attempts, I personally get an email with all the information ( browser, country IP what they typed in for username and password etc )

 

I see... I guess you can capture more granular information, from the hack attempt, with the fake admin.

0
Link to comment
Share on other sites
  • 2 weeks later...
isixhosting Senior Member

isixhosting

Posted
Posted
I upgraded rather quickly after the 5.3.10 release was made.

 

I use $customadminpath to set a custom path for my admin directory. I have done this for years.

 

I renamed the admin directory in the patch to my custom directory name. Now, when I try to view my admin site I am getting a message stating I am trying to access the admin area via a directory that is different from the one configured. But there's the rub, I'm not trying to access it via a directory different than the configured directory. I am trying to access it via the configured directory. The default 'admin' directory doesn't exist on my server, only my custom one.

 

Please help.

 

Thanks,

Joe

 

- - - Updated - - -

 

Okay, I managed to get in to the login page by setting the $customadminpath to a full relative path. My WHMCS is setup in a sub-directory so my path is /clients/mycustomadmindir. Never needed the /clients/ part before upgrading to 5.3.10.

 

Not entirely out of the woods yet because now I get "Language Folder Not Found" after logging in. I guess the full relative path doesn't work throughout WHMCS, just for the check to see if I'm using the right directory or not before allowing me to login. I'm glad this isn't supposed to be a stable release or anything.

 

Absolutely agreed - after replacing the init.php for the one of the version 5.3.9 we do get a stupid error in the support are, like we got it before the update to 5.3.10

 

2.jpg

 

- - - Updated - - -

 

someone else find a fix rather than the old init.php file, seems like the issue related to the folder path, check:

 

http://forum.whmcs.com/showthread.php?93362-5-3-10-and-customadminpath

 

The link/therad doesn't work anymore - WHY???

0
Link to comment
Share on other sites
  • 2 months later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated

  I accept