Can file \html\admin.php and folder \html\admin be renamed?

Worker Joined: Jun 21, 2010 Posts: 102

Can file \html\admin.php and folder \html\admin be renamed to whatever, or the paths should not be changed? If it’s possible and complicated forget it.

Thank you.

registered · Site Admin Joined: Jun 04, 2004 Posts: 6437

Hi Mike,

I've found that using admin authentication (directives in your .htaccess file to require a user and password to access admin.php) is very effective at blocking unauthorized admin access. You can also use htaccess to limit access to your admin folder.

That said, you can rename the admin file (admin.php) to something else .php in your config file (either config or rnconfig.php):

Code:

$admin_file = 'admin';

Although there is also a defined variable for the admin folder, I would not recommend changing that as it is likely hard-coded in your custom modules and / or the standard modules.

Posted: Tue Feb 04, 2014 4:43 am

Unfortunately my server recognize .htaccess and similar files as invalid filenames for security reasons. I’m not able to upload these type of files to the server.

Are you also saying that it is safe to rename file \html\admin.php to whatever I want in either \html\config.php or \html\rnconfig.php? Will this allow me to rename file \html\admin.php itself as long as it is registered in either \html\config.php or \html\rnconfig.php?

The current folder settings for \html\admin is 775. Can restrictions be change here by changing the folder permissions or by password protecting the folder?

Thanks.

registered · Site Admin Joined: Aug 22, 2007 Posts: 1775

It sounds like you are using yahoo hosting. They are not using the apache2 webserver. I would suggest you to think about a move to another hoster. You can't use a lot of of amazing stuff without the htaccess support.

kguske is right. Its not recommend changing that as it is likely hard-coded in so many modules. Its also not recommend to change the name of the admin folder, because you would brick the whole system. The password protection of a folder works with htaccess... so now you should really think about a move!

http://rnwiki.ravennuke.com/wiki/RavenNuke2:About#Resource_Requirements_Needed

Posted: Tue Feb 04, 2014 8:50 pm

neralex and kguske thanks.

I will consider all that was said. Smile

Posted: Thu Feb 06, 2014 5:11 am

Just so you know, the ability of renaming admin.php through the setting in config.php is an artefact of the old PHP-Nuke system. In old versions of php-nuke, there where so many security issues (a lot accessed through admin.php) that instead of fixing the problems, the author decided to allow the renaming of the admin file to make it slightly harder for the script kiddies as they then had to guess the admin.php file name, though he should have used a constant and not a variable but that's another story.
It was only retained in RavenNuke(tm) for backward compatibility because most users migrated from php-nuke to RavenNuke(tm) and most of the modules at that time used $admin_file in their code instead of admin.php.

As others have said though, if your server allows htaccess directives, it is always a good idea to password protect the admin directory and that applies to ANY software where you have all your admin functions in one directory as a basic security precaution.

Posted: Sun Feb 09, 2014 6:59 am

RavenNuke seems to run normal with the folder \html\admin password protected. I have no problems signing in as a user, admin or just browsing the site as a guest.

I may have missed the point that it’s ok to password protect the \html\admin folder with out .htaccess files.

Is it normal for RavenNuke to run with the folder protected?

Thank you.

Posted: Sun Feb 09, 2014 12:21 pm

Password protecting the directory shouldn't be a problem and it is good practise to do so. The only issue you might encounter is if you have a number of site administrators because you'll need to set them all up with their own unique password.