| Author |
Message |
zlmark
Regular
Joined: Sep 25, 2006
Posts: 57
|
 Posted:
Fri Mar 30, 2007 9:06 pm |
|
Code:<Files .staccess>
deny from all
</Files>
<Limit GET POST PUT>
require valid-user
</Limit>
AuthName "Restricted Forum Area"
AuthType Basic
AuthUserFile
# -------------------------------------------
# Start of NukeSentinel(tm) ********admin.php Auth
# -------------------------------------------
<Files access/.staccess>
deny from all
</Files>
<Files ********admin.php>
<Limit GET POST PUT>
require valid-user
</Limit>
AuthName "Restricted by NukeSentinel(tm)"
AuthType Basic
AuthUserFile /home/*********/public_html/access/.staccess
</Files>
# -------------------------------------------
# End of NukeSentinel(tm) ********admin.php Auth
# -------------------------------------------
|
Forum admin blocked from me. I have this copied from my .htaccess in the access folder in the root. I have no prompt for username and password when i access admin but it is blocking the hackers. RN2.10 NSN 2.5.06 Is this code correct? |
| |
|
|
|
zlmark
|
| Posted:
Sat Mar 31, 2007 3:16 pm |
|
Ok I fixed the main admin access and now getting the popup dialog prompting me for username and password. but still no access to forum admin. I'm worried about this because the last block notification email showed they tried to access the forum admin. i want to make sure this is set correctly |
| |
|
|
|
|
jakec
Site Admin
Joined: Feb 06, 2006
Posts: 3048
Location: United Kingdom
|
| Posted:
Sat Mar 31, 2007 3:35 pm |
|
What is happening when you to access the forum admin? |
| |
|
|
|
|
zlmark
|
| Posted:
Sat Mar 31, 2007 5:15 pm |
|
Internal Server Error
Referred From : http://www.**********.com/*******admin.php?op=adminMain
Your IP : ***********
The Page Requested: /modules/Forums/admin/index.php
Agent : Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
Redirect Status : 500 |
| |
|
|
|
|
Gremmie
Former Moderator in Good Standing
Joined: Apr 06, 2006
Posts: 2415
Location: Iowa, USA
|
| Posted:
Sat Mar 31, 2007 6:40 pm |
|
Your .htaccess and .staccess files are under modules/Forums/admin, right? |
_________________
Only registered users can see links on this board! Get registered or login! - An Event Calendar for PHP-Nuke
Only registered users can see links on this board! Get registered or login! - A Google Maps Nuke Module |
|
|
|
|
zlmark
|
| Posted:
Sat Mar 31, 2007 7:07 pm |
|
| Quote: | There are numerous attempts from hackers to try and exploit the Forums admin scripts by calling them directly. It is recommended that you also protect the entire modules/Forums/admin folder with a similar approach to admin authentication.
If you are using "CGIAuth", rename the rn.htaccess file that is in modules/Forums/admin to .htaccess and then modify the line for AuthUserFile to match what you have within the .htaccess file that is in the root of your RavenNukeā¢ installation. This will also protect your Forums admin folder using the same NukeSentinelā¢ admin auth userid and password! |
I don't see that requirement here. Is that what will make it work? |
| |
|
|
|
|
Gremmie
|
| Posted:
Sat Mar 31, 2007 9:03 pm |
|
Well, I'm no Apache expert...here is how I have it.
I have a pair of .htaccess and .staccess files in my root directory to protect my admin.php file (and other stuff).
And then I have a similar pair in modules/Forums/admin to protect the forums admin.php file.
That paragraph you quote, I believe, is trying to tell you to rename the rn.htaccess, etc files under modules/Forums/admin (but still keep them under modules/Forums/admin). |
| |
|
|
|
|
zlmark
|
| Posted:
Sat Mar 31, 2007 9:19 pm |
|
|
|
|
|
zlmark
|
| Posted:
Thu Apr 05, 2007 7:13 am |
|
Could you pm me the text in your htaccess and staccess that is in your modules/Forums/admin Gremmie for comparision. I really want to get this working. |
| |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
