[BlueOnyx:05453] Re: Dealing with /admin URL 'hijacking

[Jeff Jones]

Yes - I can get to the CMS using the absolute path - the only problem is that with this particular CMS - it makes calls to /admin in the GUI - and this then redirects back to the BX Admin!

So the silver bullet is to either remove or rename the admin redirect..

Cheers,

Jeff

On 23 Sep 2010, at 15:12, Klein Joachim wrote:

>  Am 23.09.2010 15:55, schrieb Chris Gebhardt - VIRTBIZ Internet:
>> Jeff Jones wrote:
>>> Hi guys,
>>> 
>>> We have a web CMS on a BX box that has a url /admin and unfortunately it does not appear easy to change this admin URL much to my disgust.
>>> 
>>> I think I have seen some posts around - but I am not sure if anyone managed to find an easy way to change the BX /admin url to something a little less easier to guess.
>> Something that you try in order to avoid tinkering would be to use the
>> page name in the URL of the CMS admin, likely "index.php".  So instead
>> of going to www.domain.tld/admin go to www.domain.tld/admin/index.php
>> and I bet your CMS management page pops up.
>> 
> Hy Chris!
> 
> That´s right - but tell this the customer.
> I´m using also only the /admin-part and not the complete one.
> I had a customer who called me with exact this problem.
> 
> Customer: "I have installed a CMS on the webspace but my password 
> wouldn´t accepted"
> Support worked a long time to find out that the user was trying to login 
> to the Blueonyx-Admin and
> not the CMS of the User.
> The Install wasn´t the problem because the directory was /install, but 
> then the Admin was /admin.
> And if you have some customer without too much technical knowhow then 
> you get silly.
> 
> That´s the reason why I have deleted all the /admin-Redirects.
> Joachim
> 
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at blueonyx.it
> http://www.blueonyx.it/mailman/listinfo/blueonyx