[BlueOnyx:05458] Re: Dealing with /admin URL 'hijacking

Abdul Rashid Abdullah webmaster at muntada.com
Sat Sep 25 08:47:28 -05 2010


Stephanie hit the nose on the target.  I would prefer to modify the CMS
rather than BlueOnyx.  When you migrate to a new system, you will deal with
the issue all over again.  It is best to change it upfront.

PLUS I am not sure who said something about BlueOnyx security and they
deleted it for that reason, but I would say that it is FAR better to rename
the admin of a CMS, as there is by far a higher likelihood of an exploit on
the CMS than on BlueOnyx coming into play.  Zen Cart as an example EXPLICITLY
encourages all of the users to rename to something unique and specifically
warns you, if I am remembering correctly, if you don't do it.  It is one of
their countermeasures for not getting hacked.

Regards,

Rashid


On 9/24/10 7:08 AM, "Stephanie Sullivan" <ses at aviaweb.com> wrote:

> Jeff,
> 
> I've yet to meet a decent CMS or shopping cart that does not allow (most
> even encourage) changing the default path to the admin section of the code.
> Usually there is some configuration file which carries the base path for the
> CMS so it can readily be something other than "/admin". I hope this applied
> to this heretofore unnamed CMS.
> 
> Thanks,
> -Stephanie
> 
> 
>> -----Original Message-----
>> From: blueonyx-bounces at blueonyx.it [mailto:blueonyx-
>> bounces at blueonyx.it] On Behalf Of Jeff Jones
>> Sent: Thursday, September 23, 2010 10:23 AM
>> To: BlueOnyx General Mailing List
>> Subject: [BlueOnyx:05453] Re: Dealing with /admin URL 'hijacking
>> 
>> Yes - I can get to the CMS using the absolute path - the only problem
>> is that with this particular CMS - it makes calls to /admin in the
>> GUI - and this then redirects back to the BX Admin!
>> 
>> So the silver bullet is to either remove or rename the admin
>> redirect..
>> 
>> Cheers,
>> 
>> Jeff
>> 
>> On 23 Sep 2010, at 15:12, Klein Joachim wrote:
>> 
>>> On 23.09.2010 15:55, Chris Gebhardt - VIRTBIZ Internet wrote:
>>>> Jeff Jones wrote:
>>>>> Hi guys,
>>>>> 
>>>>> We have a web CMS on a BX box that has a url /admin and
>>>>> unfortunately it does not appear easy to change this admin URL, much
>>>>> to my disgust.
>>>>> 
>>>>> I think I have seen some posts around - but I am not sure if
>>>>> anyone managed to find an easy way to change the BX /admin url to
>>>>> something a little less easy to guess.
>>>> Something that you can try in order to avoid tinkering would be to use
>>>> the page name in the URL of the CMS admin, likely "index.php".  So
>>>> instead of going to www.domain.tld/admin go to
>>>> www.domain.tld/admin/index.php and I bet your CMS management page pops up.
>>>> 
>>> Hi Chris!
>>> 
>>> That's right - but tell this to the customer.
>>> I'm also using only the /admin part and not the complete one.
>>> I had a customer who called me with exactly this problem.
>>> 
>>> Customer: "I have installed a CMS on the webspace but my password
>>> wouldn't be accepted"
>>> Support worked a long time to find out that the user was trying to
>>> log in to the BlueOnyx admin and not the CMS of the user.
>>> The install wasn't the problem because the directory was /install,
>>> but then the admin was /admin.
>>> And if you have some customer without too much technical know-how,
>>> then you get silly.
>>> 
>>> That's the reason why I have deleted all the /admin redirects.
>>> Joachim
>>> 
>>> _______________________________________________
>>> Blueonyx mailing list
>>> Blueonyx at blueonyx.it
>>> http://www.blueonyx.it/mailman/listinfo/blueonyx
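Jeff's symptom above (after moving the back-end, the CMS GUI still emits absolute /admin links, so each click lands on the BlueOnyx admin redirect) is worth checking for before and after renaming a CMS admin path. The following is an added example, not code from this thread or from BlueOnyx: it scans an HTML page for href/src/action references that resolve to a given admin prefix on the site's own host, so leftover hard-coded links show up before a customer hits them. The host `www.domain.tld` and the sample markup are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Attributes whose values the browser will fetch or submit to.
URL_ATTRS = {"href", "src", "action", "formaction"}

class AdminRefFinder(HTMLParser):
    """Collect tag attributes that resolve to the admin path on this site."""

    def __init__(self, site_host, admin_prefix="/admin"):
        super().__init__()
        self.site_host = site_host.lower()
        self.admin_prefix = admin_prefix.rstrip("/")
        self.hits = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value and self._is_admin_ref(value):
                self.hits.append((tag, name, value))

    def _is_admin_ref(self, value):
        parts = urlsplit(value.strip())
        # Links to other hosts never reach this server's /admin redirect.
        if parts.netloc and parts.netloc.lower() != self.site_host:
            return False
        path = parts.path
        return path == self.admin_prefix or path.startswith(self.admin_prefix + "/")

def find_admin_refs(html, site_host, admin_prefix="/admin"):
    """Return (tag, attribute, value) for every reference into admin_prefix."""
    finder = AdminRefFinder(site_host, admin_prefix)
    finder.feed(html)
    return finder.hits

# Constructed sample standing in for a CMS back-end screen; not a real page.
SAMPLE_HTML = """
<html><body>
<a href="/admin/">Dashboard</a>
<script src="/admin/js/app.js"></script>
<form action="http://www.domain.tld/admin/login.php"></form>
<a href="/administrator/">Different path, not /admin</a>
<img src="https://cdn.example.net/admin/logo.png">
<a href="/newbackend/">Renamed section</a>
</body></html>
"""

if __name__ == "__main__":
    for tag, attr, value in find_admin_refs(SAMPLE_HTML, "www.domain.tld"):
        print(f"<{tag} {attr}={value!r}> still points at /admin")
```

Run it against the HTML the CMS back-end actually serves (saved from a logged-in session) rather than the sample; an empty result means the GUI no longer references the path the BX redirect owns.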