[Security suggestion] Check your admin passwords

This is a reply to the following Announcement post of Alex:
Check your admin passwords


Alex,

I have posted several times that there is a serious need to be able to rename the default admin.cgi script name and the admin directory name.
This can be a secondary security protection against the hacker bots, which are looking for LinksSQL installations and try to locate admin.cgi and run dictionary and security hole attacks against it.
As I remember, the admin/admin.cgi path is currently hardcoded into scripts and templates. This should be changed to be variable based, so the site owner would be allowed to rename the admin directory & script name.

For example, it would be possible to hide the admin interface from prying eyes like this:
/adm843/639admin.cgi
or
/sec_admin_kjhl/secure_admin_lkwjf.cgi
or
/admindir/admin8364.cgi
etc...

This kind of solution could greatly increase admin interface security.
It could be even more comfortable if on the admin Setup page there were a tool which could rename the admin directory and admin.cgi upon filling in a small form, and make the changes in the config.
Also, in the LSQL installer there could be an option to change the admin directory name and admin.cgi name (useful for new users, new installations).


Alex, if you are worried about the security of LSQL admin interfaces, then please put this feature in first place on your TODO list!!!

Best regards,
Webmaster33


Re: [webmaster33] [Security suggestion] Check your admin passwords In reply to
Those Mother f...ing SOBs hacked my site also.
Why don’t you post their links here so whoever wants can try to find their identity or something...
Here is the code I had on my site for probably 5 months
<h5 align="left"> <a href="http://handyzubehoer.be" style="COLOR: #999999; text-decoration: none; cursor: text; font-weight: normal;" onmousemove="status=' '">
</a> Directory</h5>

What is the .be domain, what state is it? Perhaps someone can send an email to this country's police department and they will squeeze these criminals. Hope someone can come up with some security fix. Pirate
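
An added example, not part of any post in this thread: a small Python scan for off-site links disguised the way the markup quoted above is (no visible text, text cursor, status bar overwritten). The sample HTML and the host offsite.example.net are constructed placeholders, and `find_hidden_links` is a hypothetical helper name.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample modelled on the markup quoted above; the host is a placeholder.
SAMPLE = """<h5 align="left"> <a href="http://offsite.example.net" style="COLOR: #999999; text-decoration: none; cursor: text;" onmousemove="status=' '">
</a> Directory</h5>
<p><a href="http://offsite.example.net/page">A normal outbound link</a></p>
<p><a href="/cgi-bin/search.cgi"></a></p>"""

STYLE_TRICKS = {"cursor:text": "cursor disguised", "display:none": "hidden by CSS"}
STATUS_EVENTS = ("onmouseover", "onmousemove", "onmouseout")

class HiddenLinkFinder(HTMLParser):
    def __init__(self, own_hosts):
        super().__init__()
        self.own_hosts = {h.lower() for h in own_hosts}
        self.findings = []
        self._open = None  # off-site anchor currently being read, if any

    def handle_starttag(self, tag, attrs):
        if tag == "img" and self._open:
            self._open["visible"] = True  # an image counts as visible link content
        if tag != "a":
            return
        a = {k: (v or "") for k, v in attrs}
        host = (urlparse(a.get("href", "")).hostname or "").lower()
        if not host or host in self.own_hosts:
            return  # relative or same-site link: not what this scan looks for
        style = a.get("style", "").lower().replace(" ", "")
        reasons = [why for trick, why in STYLE_TRICKS.items() if trick in style]
        if any("status" in a.get(ev, "").lower() for ev in STATUS_EVENTS):
            reasons.append("status bar overwritten")
        self._open = {"host": host, "line": self.getpos()[0], "reasons": reasons, "visible": False}

    def handle_data(self, data):
        if self._open and data.strip():
            self._open["visible"] = True

    def handle_endtag(self, tag):
        if tag == "a" and self._open:
            link, self._open = self._open, None
            if not link.pop("visible"):
                link["reasons"].append("no visible text")
            if link["reasons"]:
                self.findings.append(link)

def find_hidden_links(html, own_hosts=()):
    finder = HiddenLinkFinder(own_hosts)
    finder.feed(html)
    return finder.findings
```

Run it over every template and generated page, passing the site's own host names as `own_hosts`; each finding gives the line to inspect and the reasons it was flagged.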
Re: [modifier] [Security suggestion] Check your admin passwords In reply to
NeoTrace said that handyzubehoer.be is in Germany, in a town called Nürnberg
Re: [modifier] [Security suggestion] Check your admin passwords In reply to
The .be is the domain name extension for Belgium. I am Belgian & from the sound of the name, I can tell it is from the north of the country. This part of the country shares a boundary with Germany & German is spoken in certain parts of the Belgian border with Germany. I don't know much about the hackers. Perhaps if you give me more info that can convince me that they are really dangerous, I can contact someone in the security department in Brussels who is in charge of internet related crimes.
Re: [modifier] [Security suggestion] Check your admin passwords In reply to
This might be possible but the .be extension is for Belgium. Dutch is one of the official languages in Belgium & it just sounds like German. Hackers from both countries usually work hand in hand.
Re: [Soft] [Security suggestion] Check your admin passwords In reply to
The owner of this domain “handyzubehoer.be” should know how his hidden domain appeared in the code of my index page. They are stealing page rank from my high PageRank site. Perhaps it is some stupid student who doesn’t realize this is a crime. I would be very glad if someone would explain to him that this way he can win free tickets to a long vacation behind the bars. If there is some “whois” info for Belgium I would be glad if someone would post it here. Also if you post the link on the security department in Brussels they would probably have something to do. I would be glad if more victims would come and report the URL they have on their site. Perhaps it is the same one I had on my site.

Thanks

Re: [modifier] [Security suggestion] Check your admin passwords In reply to
In Reply To:
Also if you post the link on the security department in Brussels they would probably have something to do. I would be glad if more victims would come and report the URL they have on their site. Perhaps it is the same one I had on my site.

Thanks


Was your website open due to the fact that you did not password protect your admin dir?

Theo


http://www.atyourspace.com

Re: [The-o] [Security suggestion] Check your admin passwords In reply to
I had a 5-digit password, but it was an easy one.
Re: [modifier] [Security suggestion] Check your admin passwords In reply to
In Reply To:
I had a 5-digit password, but it was an easy one.


Then shouldn't you blame yourself instead of the hacker?

BTW,
You should send him flowers for not erasing your website, he had the opportunity to do so, but he didn't.

Theo


http://www.atyourspace.com

Re: [The-o] [Security suggestion] Check your admin passwords In reply to
However, this is a felony.
I just think that this guy was pretty naïve when he signed his name on my site.
And if I ever see someone using the data from my unique database of information I will definitely know where they came from. When you have been working 8 years on one site and someone takes your data and then uses it on some other site, the Google double content filters will penalize your site also. I wouldn’t care this much if this was some unknown new site created by Dmoz import.
Re: [modifier] [Security suggestion] Check your admin passwords In reply to
Hi webmaster33

Did Alex or anyone from the company ever respond to your very good point?

I may be wrong but my perception is growing that the volume of support by the GT 'management and staff' at the Forums for Links SQL is not what it used to be IMHO?

Steve

Re: [cuppa] [Security suggestion] Check your admin passwords In reply to
There is nothing wrong with your perception; the support is not what it should be.

Until the users stop answering the questions they are going to continue exactly what they have been doing.

I'll bet none of them took a business course!