Fake Admin Login Page

[PC-Mike]

Ah, of course! I had wondered if I could feed it a fake password, but couldn't work out how to get the dialogue box back! Feeding it the fake details in the url is obvious when I think about it now!

 

In the meantime, I also got it working again using a different browser from the first one, which let me log-in again (or not as the case was!).

 

Managed to check it was not working again (eg password not entered), then added the IP bypass, and it now lets me in again without a password.

 

Just need to test it from a different IP address to make sure they still get the password prompt. That'll have to wait until tomorrow now.

 

Thanks for the help. Very happy with the outcome!!!

 

Mike

[BenHarris]

Ah, of course! I had wondered if I could feed it a fake password, but couldn't work out how to get the dialogue box back! Feeding it the fake details in the url is obvious when I think about it now!

 

In the meantime, I also got it working again using a different browser from the first one, which let me log-in again (or not as the case was!).

 

Managed to check it was not working again (eg password not entered), then added the IP bypass, and it now lets me in again without a password.

 

Just need to test it from a different IP address to make sure they still get the password prompt. That'll have to wait until tomorrow now.

 

Thanks for the help. Very happy with the outcome!!!

 

Mike

 

No Problem, Glad I could help.

 

Regards,

 

Ben

[lovecoredesigns]

Thank you for this extremely useful add-on, I will be using this shortly.

[azlox]

When ever I change the name of my admin dir I goto my new dir and get a blank page. ill then have to type in /login.php I can then log in but then the next page "index.php" is blank..

 

help?

[IntaHost-Steve]

When ever I change the name of my admin dir I goto my new dir and get a blank page. ill then have to type in /login.php I can then log in but then the next page "index.php" is blank..

 

help?

 

Mate... open a new thread.

Don't completely hijack an already useful thread, it's just not cricket!

[BenHarris]

Thank you for this extremely useful add-on, I will be using this shortly.

 

Glad to hear it

 

When ever I change the name of my admin dir I goto my new dir and get a blank page. ill then have to type in /login.php I can then log in but then the next page "index.php" is blank..

 

help?

 

Sounds like you probably haven't set the new admin dir location in your config.php file. Read this: http://wiki.whmcs.com/Further_Security_Steps

 

Mate... open a new thread.

Don't completely hijack an already useful thread, it's just not cricket!

 

It was a kind of related question, but thanks for policing the thread

[ssthormess]

I think it would be great to make a revision that would allow the attacker to "enter the backend", obviously a fake backend.

[BenHarris]

I think it would be great to make a revision that would allow the attacker to "enter the backend", obviously a fake backend.

 

As cool as it would be, it doesn't really achieve anything. Looking through the log from my installed version of this, most of the requests seem to be automated anyway. It would more likely give the hacker the drive to dig deeper which isn't a favourable outcome.