Full Version: Install Guide: Securing the "admin" Folder
osCommerce Community Support Forums > osCommerce Online Merchant v2.x > Tips and Tricks
wakerider017
I thought I would share how to secure the "admin" folder by means of changing the folder's name.


1. Open your FTP client and locate the file >catalog>admin>includes>configure.php

2. Download configure.php and open it with a text editor

3. Next locate the following lines:

CODE
define('DIR_WS_ADMIN', '/admin/'); // absolute path required



CODE
define('DIR_FS_ADMIN', '/XxXxXx/XxXxXx/XxXxXx/XxXxXx/htdocs/store/catalog/admin/'); // absolute path required


NOTE the X's are just place holders.

4. In the two lines above replace admin with the new SECRET file name. Like below:

CODE
define('DIR_WS_ADMIN', '/secret_file_name_here/'); // absolute path required



CODE
define('DIR_FS_ADMIN', '/XxXxXx/XxXxXx/XxXxXx/XxXxXx/htdocs/store/catalog/secret_file_name_here/'); // absolute path required



5. Now save the file and upload it to the server. You will need to replace the old >catalog>admin>includes>configure.php

6. Now go back to the catalog folder and change the "admin" folder's name to your new SECRET file name.


In this case the file admin would be changed to secret_file_name_here



7. You are done!
grayfriar2001
Wakerider,
Hey, I went to secure my admin like you said above but could never locate the line "define (DIR_WS or DIR_FS)", either one. I am supposed to use the configure.php file in /catalog/admin, right?

Thanks in advance,

Gray~
grayfriar2001
(continued from above....)

Or is it the one that is in /catalog/admin/includes/configure.php?

This file has the following code:
CODE
<?php
/*
  $Id: configure.php,v 1.14 2003/02/21 16:55:24 dgw_ Exp $

  osCommerce, Open Source E-Commerce Solutions
  http://www.oscommerce.com

  Copyright (c) 2002 osCommerce

  Released under the GNU General Public License
*/

// define our webserver variables
// FS = Filesystem (physical)
// WS = Webserver (virtual)
  define('HTTP_SERVER', 'http://phunpillows.com/OSCommerce/'); // eg, http://localhost or - https://localhost should not be NULL for productive servers
  define('HTTP_CATALOG_SERVER', '');
  define('HTTPS_CATALOG_SERVER', 'https://phunpillows.com/OSCommerce/');
  define('ENABLE_SSL_CATALOG', 'false'); // secure webserver for catalog module
  define('DIR_FS_DOCUMENT_ROOT', $DOCUMENT_ROOT); // where your pages are located on the server. if $DOCUMENT_ROOT doesnt suit you, replace with your local path. (eg, /usr/local/apache/htdocs)
  define('DIR_WS_ADMIN', '/catalog/admin/');
  define('DIR_FS_ADMIN', DIR_FS_DOCUMENT_ROOT . DIR_WS_ADMIN);
  define('DIR_WS_CATALOG', '/OSCommerce/catalog/');
  define('DIR_FS_CATALOG', DIR_FS_DOCUMENT_ROOT . DIR_WS_CATALOG);
  define('DIR_WS_IMAGES', 'images/');
  define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
  define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');
  define('DIR_WS_INCLUDES', 'includes/');
  define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
  define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
  define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
  define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
  define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
  define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');
  define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');
  define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');
  define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');
  define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');

// define our database connection
  define('DB_SERVER', '*****'); // eg, localhost - should not be empty for productive servers
  define('DB_SERVER_USERNAME', '*****');
  define('DB_SERVER_PASSWORD', '*****');
  define('DB_DATABASE', '*****');
  define('USE_PCONNECT', 'false');
  define('STORE_SESSIONS', '');
?>

Thanks in advance,

Gray~
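
The two configure.php layouts in this thread differ: in the first post DIR_WS_ADMIN and DIR_FS_ADMIN are both literal paths, while in the file posted above DIR_FS_ADMIN is built from DIR_FS_DOCUMENT_ROOT . DIR_WS_ADMIN, so only the DIR_WS_ADMIN line carries the folder name. The Python check below is an added example, not part of any post or of osCommerce; it resolves the define() lines and reports when the web path, the filesystem path and the folder on disk disagree. The sample files, the /srv/htdocs root and the function names are constructed for illustration.

```python
import re
# define('NAME', <expr>); <expr> = quoted literals, constants, PHP variables joined by "."
DEFINE_RE = re.compile(r"define\(\s*'(\w+)'\s*,\s*(.+?)\s*\)\s*;")
TOKEN_RE = re.compile(r"'([^']*)'|(\$?\w+)")

def parse_defines(php_source, variables=None):
    """Resolve define() constants top to bottom, as PHP would."""
    consts, variables = {}, variables or {}
    for name, expr in DEFINE_RE.findall(php_source):
        value = ""
        for literal, ident in TOKEN_RE.findall(expr):
            if ident.startswith("$"):
                value += variables.get(ident, "")   # e.g. $DOCUMENT_ROOT
            elif ident:
                value += consts.get(ident, "")      # constant defined earlier
            else:
                value += literal
        consts[name] = value
    return consts

def last_segment(path):
    return path.rstrip("/").rsplit("/", 1)[-1]

def check_admin_rename(php_source, folder_on_disk, variables=None):
    """Return a list of problems; an empty list means steps 4 and 6 agree."""
    consts = parse_defines(php_source, variables)
    ws = last_segment(consts.get("DIR_WS_ADMIN", ""))
    fs = last_segment(consts.get("DIR_FS_ADMIN", ""))
    problems = []
    if ws != fs:
        problems.append(f"DIR_WS_ADMIN names '{ws}' but DIR_FS_ADMIN names '{fs}'")
    if ws != folder_on_disk:
        problems.append(f"configure.php names '{ws}' but the folder is '{folder_on_disk}'")
    if folder_on_disk == "admin":
        problems.append("folder still has the default name")
    return problems

# Constructed samples: literal style with only one line edited, and derived style.
LITERAL_STYLE = """
define('DIR_WS_ADMIN', '/secret_file_name_here/'); // absolute path required
define('DIR_FS_ADMIN', '/srv/htdocs/store/catalog/admin/'); // absolute path required
"""
DERIVED_STYLE = """
define('DIR_FS_DOCUMENT_ROOT', $DOCUMENT_ROOT);
define('DIR_WS_ADMIN', '/catalog/secret_file_name_here/');
define('DIR_FS_ADMIN', DIR_FS_DOCUMENT_ROOT . DIR_WS_ADMIN);
"""
print(check_admin_rename(LITERAL_STYLE, "secret_file_name_here"))
print(check_admin_rename(DERIVED_STYLE, "secret_file_name_here", {"$DOCUMENT_ROOT": "/srv/htdocs"}))
```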
Davefromcornwall
QUOTE (wakerider017 @ May 12 2006, 04:50 AM) *
I thought I would share how to secure the "admin" folder by means of changing the folder's name.
1. Open your FTP client and locate the file >catalog>admin>includes>configure.php

2. Download configure.php and open it with a text editor

3. Next locate the following lines:

CODE
define('DIR_WS_ADMIN', '/admin/'); // absolute path required

CODE
define('DIR_FS_ADMIN', '/XxXxXx/XxXxXx/XxXxXx/XxXxXx/htdocs/store/catalog/admin/'); // absolute path required


NOTE the X's are just place holders.

4. In the two lines above replace admin with the new SECRET file name. Like below:

CODE
define('DIR_WS_ADMIN', '/secret_file_name_here/'); // absolute path required

CODE
define('DIR_FS_ADMIN', '/XxXxXx/XxXxXx/XxXxXx/XxXxXx/htdocs/store/catalog/secret_file_name_here/'); // absolute path required

5. Now save the file and upload it to the server. You will need to replace the old >catalog>admin>includes>configure.php

6. Now go back to the catalog folder and change the "admin" folder's name to your new SECRET file name.
In this case the file admin would be changed to secret_file_name_here
7. You are done!

Thanks for this tip.

It works great, and it seems like a good idea to make it as difficult as possible for people to access the admin area.
mme
Also you might want to secure it by adding .htaccess to the admin folder.

If you are using CPanel:

jay2xra
QUOTE (mme @ May 19 2008, 04:04 AM) *
Also you might want to secure it by adding .htaccess to the admin folder.

If you are using CPanel:




Why not add an htaccess file and restrict just your IP address?

<LIMIT GET HEAD POST>
order allow,deny
allow from my_ip
</LIMIT>
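
Apache applies access rules placed inside a <Limit> section only to the HTTP methods listed there, so an IP allow-list meant to cover the whole admin folder belongs outside any <Limit> block. The Python audit below is an added example, not part of the post above; it flags access directives that are scoped to a method list. The sample .htaccess contents, the 203.0.113.10 address and the function name are constructed for illustration.

```python
import re

ACCESS_RE = re.compile(r"^\s*(order|allow|deny|require)\b", re.I)
OPEN_RE = re.compile(r"^\s*<Limit\s+([^>]*)>", re.I)   # <Limit ...>, not <LimitExcept ...>
CLOSE_RE = re.compile(r"^\s*</Limit>", re.I)

def audit_htaccess(text):
    """Return (line number, directive, methods) for each access rule that
    sits inside a <Limit> section and so covers only the listed methods."""
    findings, methods = [], None
    for lineno, line in enumerate(text.splitlines(), 1):
        opened = OPEN_RE.match(line)
        if opened:
            methods = [m.upper() for m in opened.group(1).split()]
        elif CLOSE_RE.match(line):
            methods = None
        elif methods is not None and ACCESS_RE.match(line):
            findings.append((lineno, line.strip(), methods))
    return findings

# Constructed sample in the style posted above: rules scoped to three methods.
SCOPED = """\
<LIMIT GET HEAD POST>
order allow,deny
allow from 203.0.113.10
</LIMIT>
"""

# Constructed sample: the same allow-list with no method scoping (Apache 2.2
# syntax; on Apache 2.4 these directives are provided by mod_access_compat).
ALL_METHODS = """\
order allow,deny
allow from 203.0.113.10
"""

# Constructed sample: Apache 2.4 equivalent, also applying to every method.
ALL_METHODS_24 = """\
Require ip 203.0.113.10
"""

for name, sample in (("scoped", SCOPED), ("all methods", ALL_METHODS),
                     ("all methods, 2.4", ALL_METHODS_24)):
    print(name, audit_htaccess(sample))
```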