We Bit Of Advice Please

[Diablo-Sat]

Ok i have my forum and dedicated server so i had re-installed my server and put my backup back on but yesterday the guy we used to have helping us had managed to get into our ftp and admin pannel in my own admin name so how was he able to get in as the server was re installed and new passwords etc etc so is their anyway i can protect the ftp and admin pannel?? as he logged in and changed all our admin passwords etc

--------------- Added [DATE]1336214002[/DATE] at [TIME]1336214002[/TIME] ---------------

is their anyway i can protect the ftp so only i can edit and the admin pannel also

[Lynne]

You should be asking your host how you can protect the ftp as this is a server issue.

[blind-eddie]

If you allowed anyone other then yourself access to your cpanel with your login details, then they to have access to your site folders via FTP.
So, change you password again, doing so will also change FTP password.
If you have not set up FTP access for anyone to your site folder, in your cpanel, look in the FTP accounts section.

There should be 2-3 automatically set up for you via host when you set up your account. Your main account access, logs & maybe public FTP.

If there are any others that are showing access to your site folder, then someone else made that FTP account when they had access to your cpanel.

Before you delete anything, check with your host to see what FTP accounts were set up automatically when you started your account & if you did not set up any other FTP accounts for anyone else that is showing other then default, delete them after you talk to your host.

While in your cpanel you can password protect your admincp folder and set it up so you are the only one with access to it.

In your cpanel look for the Security Section, then click the Password Protect Directories icon.
Select the "Document Root" option, select main domain then click go.
Click the folder next to your site name to open it, once opened click on the admincp name & not the folder.

One the page that follows you will need to check the "Password protect this directory" option.(Important!!)
Now name the protected directory what ever you want. Save it then click the go back option.
You will now need to Create User.
Use a name other then your site name & create a password that is different then what you use anywhere online. REMEMBER THIS INFO.
Click Add/Modify Authorized user.
Your admincp is now password protected and you are the only person that has access to it even if others on your site have admin access.

Go to your site, login, click the Admincp link. You will now see a login screen different from your main site login.
Enter the details you used when you password protected the admincp, login.
Now you will see your normal admincp login screen, login using your normal site login details

Its really simple to set up.

--------------- Added [DATE]1336275334[/DATE] at [TIME]1336275334[/TIME] ---------------

Also, via FTP, in your includes folder find and edit the config.php using wordpad. Scroll down to the following sections to make sure your user ID is the only ID having permission to them.

USERS WITH ADMIN LOG VIEWING PERMISSIONS
USERS WITH ADMIN LOG PRUNING PERMISSIONS
USERS WITH QUERY RUNNING PERMISSIONS
UNDELETABLE / UNALTERABLE USERS
SUPER ADMINISTRATORS

Click save if you edit, then close it.

[Simon Lloyd]

Quote:

Originally Posted by Diablo-Sat

....... put my backup back on but yesterday the guy we used to have helping us had managed to get into our ftp and .....--------------- Added [DATE]1336214002[/DATE] at [TIME]1336214002[/TIME] ---------------

is their anyway i can protect the ftp so only i can edit and the admin pannel also

Adding the backup is probably what did the trick, if you'd taken a cpanel backup after he'd been given access rights then instaling that would have given them right back!


One other thing to add to blind-eddies' suggestion (i have always done that by the way ) is to change the folder name of admin and modcp and change the name in config.php so instead of admincp you can change the folder name in cpanel (not the folder name as in blind-eddies suggestion) to say "MyxyzAdminCp" then in config.php find admincp and replace that for that name, then do blind-eddies suggestion and you'll be golden.

Download filezilla or core ftp le (they are both free) and get to grips with how to use them, then in future if you have someone helping with things you cant manage you can upload the files that they send to you rather than allowing them in

[blind-eddie]

Quote:

Originally Posted by Simon Lloyd

One other thing to add to blind-eddies' suggestion (i have always done that by the way ) is to change the folder name of admin and modcp and change the name in config.php so instead of admincp you can change the folder name in cpanel (not the folder name as in blind-eddies suggestion) to say "MyxyzAdminCp" then in config.php find admincp and replace that for that name, then do blind-eddies suggestion and you'll be golden.

I didn't suggest changing folder names, figured this was a hand full.
When any folder is set up to be password protected via cpanel you are ask to name the protected area, not the folder. The name will display in the message when you go to that login screen.