Invision Community 4: SEO, prepare for v5 and dormant account notifications By Matt Monday at 02:04 PM
FelixT Posted March 18, 2022 Posted March 18, 2022 Could you please help? ... May i know How to hide .............../admin to public? Regards,
Donnie95 Posted March 20, 2022 Posted March 20, 2022 I don't know how to hide it but you can use Cloudflare firewall rules to protect it. For example you can create a rule to only allow your IP or ISP to access the /admin/ url. This will make it very hard for attacker to hack your website. FelixT 1
Miss_B Posted March 20, 2022 Posted March 20, 2022 On 3/18/2022 at 4:19 PM, FelixT said: Could you please help? ... May i know How to hide .............../admin to public? Regards, What do you mean by hiding admin to public? Are you worried about the security? If so, you can use the required multi factor authentication to access the Admin Panel. FelixT 1
Chris Anderson Posted March 21, 2022 Posted March 21, 2022 Check out the following guide: You can add the following to your constants.php file: Constant - CP_DIRECTORY Use - Name of your admin CP directory when changed from the default of 'admin' Example value - 'newcpdirectory' FelixT 1
DawPi Posted March 21, 2022 Posted March 21, 2022 Or even protect it via htaccess too: https://www.askapache.com/online-tools/htpasswd-generator/ Egorkin and FelixT 1 1
FelixT Posted March 28, 2022 Author Posted March 28, 2022 On 3/21/2022 at 8:07 AM, Chris Anderson said: Check out the following guide: You can add the following to your constants.php file: Constant - CP_DIRECTORY Use - Name of your admin CP directory when changed from the default of 'admin' Example value - 'newcpdirectory' Thank you so much for your info and help.....will try that.
Sonya* Posted March 28, 2022 Posted March 28, 2022 CP_DIRECTORY is deprecated //-------------------------------------------------------------------------------------- // DEPRECATED OPTIONS: CHANGE AT YOUR OWN RISK // These constants were once customisable but their fucntionality should now be // considered deprecated. // AdminCP Obscurity Settings // It was once recommended for site owners to rename the directory for security // and set the CP_DIRECTORY constant so some links still work, the upgrader can put // files in the right place, etc. While it is still honoured, it is no longer recommended // as much more secure alternatives like two factor authentication now exist. 'CP_DIRECTORY' => 'admin', // The name of the directory where the AdminCP is
Mark H Posted March 28, 2022 Posted March 28, 2022 Sonya is correct. While renaming the admin folder is still possible at this time, the option to do so will be removed in an upcoming release, so please plan accordingly. We strongly recommend using 2FA for anyone that has ACP access.
Egorkin Posted April 28 Posted April 28 On 3/29/2022 at 12:32 AM, Mark H said: We strongly recommend using 2FA I tried the security questions. A very strange thing! I didn't understand how this would secure the account 🤔
Randy Calvert Posted April 28 Posted April 28 22 minutes ago, Egorkin said: I tried the security questions. A very strange thing! I didn't understand how this would secure the account 🤔 It adds another layer an attacker must overcome. Here’s a scenario in which this defense would prevent: A rather large number of people use the same usernames and passwords across multiple sites. If I get a list of credentials from another compromised site, I could try them on other sites like yours and because you used the same credentials… I now have access to your account without actually hacking your site/server/IPB instance. However with another set of questions, it’s much more likely the attacker would not have access to those as well and would be stopped. (It’s possible they could if they were targeting you specifically and had lots of info on you but it would stop those “attacks of opportunity”.) Now… it’s not as secure as something like having a 2FA implemented, but it’s better than nothing!
Egorkin Posted April 28 Posted April 28 Why didn't the IPB authors make sure that each user came up with individual questions for himself?
Jim M Posted April 28 Posted April 28 18 minutes ago, Egorkin said: Why didn't the IPB authors make sure that each user came up with individual questions for himself? You can select from a list or make your own questions. The user would select a question and insert their own answer.
Egorkin Posted April 28 Posted April 28 I'm making up a list of questions. And each user gives their own answer. Right?
Jim M Posted April 28 Posted April 28 3 minutes ago, Egorkin said: I'm making up a list of questions. And each user gives their own answer. Right? Yes. Users would supply their own answers, that is what makes it secure 🙂.
Egorkin Posted April 28 Posted April 28 10 minutes ago, Jim M said: Yes. And that's cool! I'll try it today, thanks! 👍
Randy Calvert Posted April 28 Posted April 28 In addition, I would recommend asking unique questions… don’t use “what street did you grow up on?” for example. Generic questions can sometimes be figured out from looking at social media or other places. Egorkin 1
Egorkin Posted April 28 Posted April 28 Yes, asking "What is the name of the UK capital?" it would be strange 🤣 Randy Calvert 1
wegorz23 Posted June 4 Posted June 4 On 3/18/2022 at 4:19 PM, FelixT said: Could you please help? ... May i know How to hide .............../admin to public? Regards, htaccess it or change admin dir name htaccess and htpasswd
Egorkin Posted June 4 Posted June 4 8 minutes ago, wegorz23 said: change admin dir name This is no longer relevant. It is not recommended to do this. It is necessary to use two-factor authorization and protect the directory with a server password (htaccess and htpasswd). wegorz23 1
wegorz23 Posted June 11 Posted June 11 On 6/4/2024 at 3:07 PM, Egorkin said: This is no longer relevant. It is not recommended to do this. It is necessary to use two-factor authorization and protect the directory with a server password (htaccess and htpasswd). true
Recommended Posts