[BlueOnyx:05457] Re: Dealing with /admin URL 'hijacking

Stephanie Sullivan ses at aviaweb.com
Fri Sep 24 09:08:37 -05 2010


Jeff,

I've yet to meet a decent CMS or shopping cart that does not allow (most
even encourage) changing the default path to the admin section of the code.
Usually there is some configuration file which carries the base path for the
CMS so it can readily be something other than "/admin". I hope this applies
to this heretofore unnamed CMS.

	Thanks,
		-Stephanie


> -----Original Message-----
> From: blueonyx-bounces at blueonyx.it [mailto:blueonyx-
> bounces at blueonyx.it] On Behalf Of Jeff Jones
> Sent: Thursday, September 23, 2010 10:23 AM
> To: BlueOnyx General Mailing List
> Subject: [BlueOnyx:05453] Re: Dealing with /admin URL 'hijacking
> 
> Yes - I can get to the CMS using the absolute path - the only problem
> is that with this particular CMS - it makes calls to /admin in the
> GUI - and this then redirects back to the BX Admin!
> 
> So the silver bullet is to either remove or rename the admin
> redirect..
> 
> Cheers,
> 
> Jeff
> 
> On 23 Sep 2010, at 15:12, Klein Joachim wrote:
> 
> > On 23.09.2010 15:55, Chris Gebhardt - VIRTBIZ Internet wrote:
> >> Jeff Jones wrote:
> >>> Hi guys,
> >>>
> >>> We have a web CMS on a BX box that has a url /admin and
> >>> unfortunately it does not appear easy to change this admin URL much
> >>> to my disgust.
> >>>
> >>> I think I have seen some posts around - but I am not sure if
> >>> anyone managed to find an easy way to change the BX /admin url to
> >>> something a little less easy to guess.
> >> Something that you could try in order to avoid tinkering would be to use
> >> the page name in the URL of the CMS admin, likely "index.php".  So
> >> instead of going to www.domain.tld/admin go to
> >> www.domain.tld/admin/index.php
> >> and I bet your CMS management page pops up.
> >>
> > Hi Chris!
> >
> > That's right - but tell that to the customer.
> > I'm also using only the /admin part and not the complete one.
> > I had a customer who called me with exactly this problem.
> >
> > Customer: "I have installed a CMS on the webspace but my password
> > wouldn't be accepted"
> > Support worked a long time to find out that the user was trying to
> > log in to the Blueonyx-Admin and
> > not the CMS of the User.
> > The Install wasn't the problem because the directory was /install,
> > but then the Admin was /admin.
> > And if you have some customer without too much technical knowhow
> > then you get silly.
> >
> > That's the reason why I have deleted all the /admin-Redirects.
> > Joachim
> >
> > _______________________________________________
> > Blueonyx mailing list
> > Blueonyx at blueonyx.it
> > http://www.blueonyx.it/mailman/listinfo/blueonyx
> 
> 




