PDA

View Full Version : Admin directory move hack


RedHot5
10-07-2003, 11:23 PM
Hi, I'm kinda new to VB and just purchased my license this month.

I have a community that I run and I spent all last weekend setting up the new board and changing the templates to match what we were used to seeing from our last BB system.

As soon as we went live on the new server, a user who has always been a real pain to us, found his way into the CP and started changing things and deleting users. Needless to say I was ticked.

We found out that he somehow got the password for one of our admin accounts (of which there was only 3) and then through that promoted himself to full admin.

I think that we plugged that security hole however for future security but I thought it would be helpful if I changed the actual location of the /admin directory so ever if he gets another password, he won't know where to get to the /admin directory to log in.

I took a look through all the current hacks but didn't notice anything like this.

I even tried to attempt the hack myself but I keep on running into parts of the code that no matter what I attempt to put in, doesn't want to load the pages properly.

So if anyone knows of this hack already being written or wants to tackle it themselves, I'm open to listening to what you have to say.

Thanks
RH5

RedHot5
10-07-2003, 11:25 PM
I forgot to mention which VB I'm using. I'm using V 2.3.2.

Let me know if you need any more information.

RedHot5
10-08-2003, 02:27 AM
I've been playing around with the PHP files some more and I think I may have figured out all the codes that were giving me trouble.

Right now I've managed to move my admin directory to another directory and I have the board and admin panel working properly, as far as I can tell.

If anyone is interested in this hack let me know and I'll write it up.

Moderators, I think you can close this thread of move it to another appropriate forum.

Thanks
RH5

Logician
10-08-2003, 10:03 AM
If you already managed it, my suggestion might be useless to you but I'm giving it anyway for other readers: Instead of hacking vb to change admin dir's location, you could have apply a .htaccess protection to the admin cp & modcp directories so nobody could enter without knowing the directory password even if they know the admin password.. I guess many solutions has already been provided in vb.org to do this (and there maybe even a hack released?)

RedHot5
10-08-2003, 04:15 PM
Logician, thank you for the response to my request. I had read about the posibility of password protecting a directory with Cpanel and thankfully our host is using that software. That will be one of the steps I take to secure our board.

I was up quite late last night trying to track down all the changes that needed to be made to the VB files to allow it support a changed admin directory and while I have the board running quite well, I've hit a wall with images showing up in the admin panel and in the user "post new reply" screen.

When I set the smilie's, icons and avatars to show themselves in the admin panel so that the admin knows what they are selecting the images do not show up in the user post screen and when I change the location of the images in the admin panel they no longer show up there but do show up in the user post screen.

Is there already a way to get the images to show up in both places properly and allow them to be selected and used as normal?

I'll be trying to get this to work tonight but any feedback in the meatime would be very helpful.

Thanks
RH5