Author |
Message |
ladysilver
Hangin' Around
Joined: May 03, 2004
Posts: 49
Location: Cyberspace
|
Posted:
Sun Aug 28, 2005 3:08 pm |
|
While it's great that "admin.php" can be changed to something else in the config file, I noticed that index.php, mainfile.php and most of the admin files have the ".php" extension hardcoded:
I would rather not use .php at all, and just set up a handler in Apache to recognize different extensions as PHP files. I know I can do this by just changing .php in the coding example I used above, but can it be edited so different extensions can be used without recoding the files over and over? For example, if I wanted "admin.php" to be "secret.abc" one month and then "hidden.xtp" the next without editing code again. |
|
|
VinDSL
Life Cycles Becoming CPU Cycles
Joined: Jul 11, 2004
Posts: 614
Location: Arizona (USA) Admin: NukeCops.com Admin: Disipal Designs Admin: Lenon.com
|
Posted:
Sun Aug 28, 2005 3:31 pm |
|
Short answer: I suppose. However...
Long answer: I've tried different OSs over the years, and when I was running CGI over IIS, I used to have to rename the admin files, and it was a real pain. That is, I would put the proper extension on the files to use them, do maintenance, then rename them afterwards.
What I do now is make it so 'admin.php' can only be auth'ed from this IP. LoL! Now, I can't admin my site from work or wherever, which is sort of a pain, but not as bad as renaming files.
You might find this interesting...
http://www.ravenphpscripts.com/postp23004.html |
_________________ .:: "The further in you go, the bigger it gets!" ::.
|
VinDSL
|
Posted:
Sun Aug 28, 2005 5:44 pm |
|
Heh! Here's a cute one for you, ladysilver!
I tweaked the hack (listed above) and got rid of the admin login box for non-trusted IPs.
Check it out... http://www.lenon.com/admin.php
Would you be interested in something like this? It's a 'keeper' for me... |
|
|
|
ladysilver
|
Posted:
Sun Aug 28, 2005 5:51 pm |
|
Thanks for posting that link, VinDSL. I will make a place for it in my webmaster's bag o' tricks. |
|
|
|
VinDSL
|
Posted:
Sun Aug 28, 2005 7:44 pm |
|
My pleasure!
The hack, posted above, doesn't get rid of the login box. It just gives you a 'warning' and displays the login box anyway, i.e. for the hackers' use, I guess.
If you're interested in my tweak, which gets rid of the login box for non-trusted IPs, let me know and I'll post it here. It's not too hard to figure out, if you look at the original hack... |
|
|
|
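The behaviour described in the post above (refuse non-trusted IPs before any login form is rendered), as an added example: this is not VinDSL's tweak or the linked hack, the allowlist entries are constructed documentation addresses, and `ip_in_cidr` and `is_trusted` are hypothetical helper names.

```php
<?php
// Added example, not the tweak from the thread. Constructed allowlist:
// 203.0.113.0/24 and 2001:db8::/32 are documentation-only ranges.
$TRUSTED = ['203.0.113.10', '203.0.113.64/28', '2001:db8:1::/48'];

// Hypothetical helper: true if $ip lies inside $cidr (IPv4 or IPv6).
function ip_in_cidr(string $ip, string $cidr): bool
{
    [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, null);
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($net);
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false; // unparsable address, or IPv4/IPv6 family mismatch
    }
    $max  = strlen($ipBin) * 8; // a bare address means an exact match
    $bits = ($bits === null) ? $max : filter_var($bits, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => $max]]);
    if ($bits === false) { // rejects junk like "/abc", which a lax cast reads as /0
        return false;
    }
    $whole = intdiv($bits, 8); // number of fully covered prefix bytes
    if (substr($ipBin, 0, $whole) !== substr($netBin, 0, $whole)) {
        return false;
    }
    $rem  = $bits % 8; // leftover prefix bits in the next byte, if any
    $mask = (0xFF << (8 - $rem)) & 0xFF;
    return $rem === 0 || ((ord($ipBin[$whole]) ^ ord($netBin[$whole])) & $mask) === 0;
}

// Hypothetical helper: fail closed unless some allowlist entry matches.
function is_trusted(string $ip, array $allow): bool
{
    foreach ($allow as $cidr) {
        if (ip_in_cidr($ip, $cidr)) {
            return true;
        }
    }
    return false;
}

// Use the TCP peer address only; X-Forwarded-For style headers are client-supplied.
$client = $_SERVER['REMOTE_ADDR'] ?? '';
if (!is_trusted($client, $TRUSTED)) {
    http_response_code(403);
    exit('You have entered a restricted area.');
}
// Trusted address: the admin login form would be rendered from here on.
```

If the site sits behind a reverse proxy, REMOTE_ADDR is the proxy's address, so the check has to be enforced at the proxy instead.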
VinDSL
|
Posted:
Sun Aug 28, 2005 11:35 pm |
|
|
|
VinDSL
|
Posted:
Wed Aug 31, 2005 2:49 am |
|
OMG!
I couldn't figure out why I wasn't getting any positive feedback from this paradigmatic tweak. Then I realized, today, that 'you' aren't seeing what I'm seeing, from this IP.
Why?
I am protected on so many levels that it's like peeling the 'skin' off an onion. That is, I have layer upon layer of protection on my web site, out of necessity -- being a prime target of hackers, especially Persians.
The fact of the matter is, 'you' could not see my tweak because 'you' were being redirected to my main page before getting to this tertiary layer of protection -- the tweak itself.
Gawd! I know this doesn't make any sense to most of you, but the bottom line is -- I've lowered my shields so you can (hopefully) see the effects of the tweak at hand.
If I get hacked by dropping the first couple of layers of defense, so be it, but I doubt this will happen. I think this tweak, alone, is enough to suffice. We will shortly see...
So, without additional bustle, tell me if you can see the fruit-of-my-labor now...
http://lenon.com/admin.php
You should be presented with a warning, and NO admin login block. If this isn't the case, please let me know. I plan to publish this elsewhere, if everything works out -- I feel that strongly about it.
Hopefully I haven't 'screwed the pooch', so to speak. Timing is everything, and I know the tide is against me at this point.
Sorry for this foopah, but nobody is perfect... ;) |
|
|
|
Guardian2003
Site Admin
Joined: Aug 28, 2003
Posts: 6799
Location: Ha Noi, Viet Nam
|
Posted:
Thu Sep 01, 2005 12:03 am |
|
Works for me "You have entered a restricted area..."
Cool!! |
|
|
|
|