RedHot5
10-07-2003, 11:23 PM
Hi, I'm kinda new to VB and just purchased my license this month.
I have a community that I run and I spent all last weekend setting up the new board and changing the templates to match what we were used to seeing from our last BB system.
As soon as we went live on the new server, a user who has always been a real pain to us, found his way into the CP and started changing things and deleting users. Needless to say I was ticked.
We found out that he somehow got the password for one of our admin accounts (of which there was only 3) and then through that promoted himself to full admin.
I think that we plugged that security hole however for future security but I thought it would be helpful if I changed the actual location of the /admin directory so ever if he gets another password, he won't know where to get to the /admin directory to log in.
I took a look through all the current hacks but didn't notice anything like this.
I even tried to attempt the hack myself but I keep on running into parts of the code that no matter what I attempt to put in, doesn't want to load the pages properly.
So if anyone knows of this hack already being written or wants to tackle it themselves, I'm open to listening to what you have to say.
Thanks
RH5
I have a community that I run and I spent all last weekend setting up the new board and changing the templates to match what we were used to seeing from our last BB system.
As soon as we went live on the new server, a user who has always been a real pain to us, found his way into the CP and started changing things and deleting users. Needless to say I was ticked.
We found out that he somehow got the password for one of our admin accounts (of which there was only 3) and then through that promoted himself to full admin.
I think that we plugged that security hole however for future security but I thought it would be helpful if I changed the actual location of the /admin directory so ever if he gets another password, he won't know where to get to the /admin directory to log in.
I took a look through all the current hacks but didn't notice anything like this.
I even tried to attempt the hack myself but I keep on running into parts of the code that no matter what I attempt to put in, doesn't want to load the pages properly.
So if anyone knows of this hack already being written or wants to tackle it themselves, I'm open to listening to what you have to say.
Thanks
RH5