Fresh Ravennuke install. admin.php is accessible to to Anon

New Member Joined: Jul 04, 2011 Posts: 13

I have a fresh Ravennuke install.
It looks like admin.php is accessible to to Anonymous (not logged in users.)

That can only lead to pain and suffering.

What did I do wrong? Can file permissions do that? How can I secure it again. Did I miss something in the install?

HELP

Keith

Posted: Fri Jul 08, 2011 9:42 pm

Not really sure what you are trying to say. Do you mean it is no longer asking you for a user and password BEFORE you can login as an admin? If so this is setup via nuke sentinel.

Posted: Fri Jul 08, 2011 9:44 pm

Yes that is what I mean. The admin module can be accessed by people that are not even logged in.

I will take a look in the nuke sentinel config. I am new to Ravennuke, I was using php-nuke 8.0 prior to this.

Keith

Posted: Fri Jul 08, 2011 9:47 pm

I am looking in the nuke sentinel admin panel, and I do not see anywhere that I can limit access to admin.php. Am I looking in the wrong area. Did I miss the Sentinel config?

Keith

Posted: Fri Jul 08, 2011 10:12 pm

It just fooled me. I was logged in as an admin but not a normal user. Sorry for the alarm and thanks for the help.

Keith

Posted: Sat Jul 09, 2011 7:59 am

keithdubya wrote:

I am looking in the nuke sentinel admin panel, and I do not see anywhere that I can limit access to admin.php.

Actually Keith, you can with "Admin Auth" under the general settings of N.S. This will protect your admin.php as it requires a server level login prior to the admin.php login.

Also... Here is the topic I started the first time I setup Admin Auth. Might help you out.
http://www.ravenphpscripts.com/postt19332.html

P.s. make sure you're logged in as the superadmin. Wink