[BlueOnyx:05455] Re: Blueonyx Digest, Vol 21, Issue 34

Stuart Clark (Datacenta) stuart.clark at datacenta.net
Fri Sep 24 03:13:07 -05 2010 

Hi

I had this same issue but rather than delete the admin redirects I added the following to the particular site.include file in /etc/httpd/conf/vhosts

RewriteEngine on
RewriteRule ^/admin/?$                 http://www.wesite.com/admin [L,R]
RewriteEngine off

This means I can do it on a site by site basis where necessary.

Regards,

Stuart



-----Original Message-----
From: blueonyx-bounces at blueonyx.it [mailto:blueonyx-bounces at blueonyx.it] On Behalf Of blueonyx-request at blueonyx.it
Sent: 23 September 2010 17:00
To: blueonyx at blueonyx.it
Subject: Blueonyx Digest, Vol 21, Issue 34

Send Blueonyx mailing list submissions to
	blueonyx at blueonyx.it

To subscribe or unsubscribe via the World Wide Web, visit
	http://www.blueonyx.it/mailman/listinfo/blueonyx
or, via email, send a message with subject or body 'help' to
	blueonyx-request at blueonyx.it

You can reach the person managing the list at
	blueonyx-owner at blueonyx.it

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Blueonyx digest..."


Today's Topics:

   1. [BlueOnyx:05452] Re: Dealing with /admin URL 'hijacking
      (Klein Joachim)
   2. [BlueOnyx:05453] Re: Dealing with /admin URL 'hijacking
      (Jeff Jones)


----------------------------------------------------------------------

Message: 1
Date: Thu, 23 Sep 2010 16:12:06 +0200
From: Klein Joachim <j.klein at ibusiness.at>
Subject: [BlueOnyx:05452] Re: Dealing with /admin URL 'hijacking
To: BlueOnyx General Mailing List <blueonyx at blueonyx.it>
Message-ID: <4C9B6036.4000608 at ibusiness.at>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

  Am 23.09.2010 15:55, schrieb Chris Gebhardt - VIRTBIZ Internet:
> Jeff Jones wrote:
>> Hi guys,
>>
>> We have a web CMS on a BX box that has a url /admin and unfortunately it does not appear easy to change this admin URL much to my disgust.
>>
>> I think I have seen some posts around - but I am not sure if anyone managed to find an easy way to change the BX /admin url to something a little less easier to guess.
> Something that you try in order to avoid tinkering would be to use the
> page name in the URL of the CMS admin, likely "index.php".  So instead
> of going to www.domain.tld/admin go to www.domain.tld/admin/index.php
> and I bet your CMS management page pops up.
>
Hy Chris!

That?s right - but tell this the customer.
I?m using also only the /admin-part and not the complete one.
I had a customer who called me with exact this problem.

Customer: "I have installed a CMS on the webspace but my password 
wouldn?t accepted"
Support worked a long time to find out that the user was trying to login 
to the Blueonyx-Admin and
not the CMS of the User.
The Install wasn?t the problem because the directory was /install, but 
then the Admin was /admin.
And if you have some customer without too much technical knowhow then 
you get silly.

That?s the reason why I have deleted all the /admin-Redirects.
Joachim



------------------------------

Message: 2
Date: Thu, 23 Sep 2010 15:22:45 +0100
From: Jeff Jones <jeffrhysjones at mac.com>
Subject: [BlueOnyx:05453] Re: Dealing with /admin URL 'hijacking
To: BlueOnyx General Mailing List <blueonyx at blueonyx.it>
Message-ID: <FDD1B0FB-9DCD-4BD1-A510-E1AEB223D948 at mac.com>
Content-Type: text/plain; charset=iso-8859-1

Yes - I can get to the CMS using the absolute path - the only problem is that with this particular CMS - it makes calls to /admin in the GUI - and this then redirects back to the BX Admin!

So the silver bullet is to either remove or rename the admin redirect..

Cheers,

Jeff

On 23 Sep 2010, at 15:12, Klein Joachim wrote:

>  Am 23.09.2010 15:55, schrieb Chris Gebhardt - VIRTBIZ Internet:
>> Jeff Jones wrote:
>>> Hi guys,
>>> 
>>> We have a web CMS on a BX box that has a url /admin and unfortunately it does not appear easy to change this admin URL much to my disgust.
>>> 
>>> I think I have seen some posts around - but I am not sure if anyone managed to find an easy way to change the BX /admin url to something a little less easier to guess.
>> Something that you try in order to avoid tinkering would be to use the
>> page name in the URL of the CMS admin, likely "index.php".  So instead
>> of going to www.domain.tld/admin go to www.domain.tld/admin/index.php
>> and I bet your CMS management page pops up.
>> 
> Hy Chris!
> 
> That?s right - but tell this the customer.
> I?m using also only the /admin-part and not the complete one.
> I had a customer who called me with exact this problem.
> 
> Customer: "I have installed a CMS on the webspace but my password 
> wouldn?t accepted"
> Support worked a long time to find out that the user was trying to login 
> to the Blueonyx-Admin and
> not the CMS of the User.
> The Install wasn?t the problem because the directory was /install, but 
> then the Admin was /admin.
> And if you have some customer without too much technical knowhow then 
> you get silly.
> 
> That?s the reason why I have deleted all the /admin-Redirects.
> Joachim
> 
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at blueonyx.it
> http://www.blueonyx.it/mailman/listinfo/blueonyx




------------------------------

_______________________________________________
Blueonyx mailing list
Blueonyx at blueonyx.it
http://www.blueonyx.it/mailman/listinfo/blueonyx


End of Blueonyx Digest, Vol 21, Issue 34
****************************************

More information about the Blueonyx mailing list