Gossamer Forum

Could use help protecting Admin

Hi All,

I could really use some help keeping someone out of our Admin. We've had it password protected since we've been using the program (Links SQL v. 2.0.4). I'm not sure when but this person has added another admin user - which I deleted today but I'm sure he'll be back. He's also altered the build settings. I banned his IP but that means nothing these days. He keeps adding invisible links on our site to his. I'm really fed up as he keeps coming back. Can anyone help me protect the admin better at least temporarily until we can hire someone to secure the site? Would appreciate any advice!

Thanks in advance.
Re: [Westiegirl] Could use help protecting Admin
Hello Westiegirl,

I assume your best option would be to pick an even harder-to-guess username/password combination. Or you can try setting up .htaccess so that it "blocks" all IPs in the /admin/ folder except yours (I have not tried this one, but it seems a logical solution, until GT sets up the feature of adding a custom path for the admin folder).

Hope this helps.

Vishal


Last edited by SWDevil.Com: Dec 16, 2005, 9:42 PM
Re: [SWDevil.Com] Could use help protecting Admin
Thanks Vishal,

Here's the thing. He created his own username and password somehow. Even though the admin is protected! He's in there messing with fileman, admin, everything. He doesn't seem to know our original login (or perhaps he does and then made one for himself. Who knows. I'm currently looking over miles of logs to try to find out more). Anyway, having only our IPs accepted would be great. Would you (or someone out there) help me with this? My guess would be something like the following in the admin directory?

Order deny, allow
Deny from all
Allow from myiphere

Would Links SQL still run correctly?

Thanks again!

Last edited by Westiegirl: Dec 16, 2005, 10:24 PM
Re: [Westiegirl] Could use help protecting Admin
In your admin .htaccess:

order deny, allow
allow from your-ip
deny from all

or deny others:

order deny, allow
deny from other-ip
Re: [Westiegirl] Could use help protecting Admin
Hi:

Sounds like you have a real problem there. If you can access your httpd.conf file then this is an even more secure method than using .htaccess.

Add the following to this file:

<Directory /path/to/links/admin/>
# assuming 222.222.2.2 is your IP address
Order deny,allow
Deny from all
Allow from 222.222.2.2 127.0.0.1
</Directory>

You normally also add some options to these entries, but as (I am assuming) your installation is below cgi-bin, these should already be set properly (e.g. Options ExecCGI -MultiViews +SymLinksIfOwnerMatch etc.).

As I said earlier, this is a better method, in my view, than .htaccess at securing your directory.

Is this person getting in via FTP? You should check your FTP logs for this and restrict your users. I would even, if someone other than yourself has FTP access, consider deleting all users and starting over with new usernames and passwords. Always connect via SFTP and SSH.

I would also run a spyware program (comprehensive scan) over the computer and/or network you use to access your site - you may have a nasty in there that is catching your keystrokes/passwords etc.

Hope this helps,

Regards,

Clint.
--------------------------
http://AffiliatesDirectory.com
The Affiliate Programs Directory
Re: [regatta] Could use help protecting Admin
Thanks regatta & Clint,

I knew that one can allow only their IP via .htaccess; however, I didn't have the code handy. Thank you for helping Westiegirl & me. (I am also going to write it down, just in case I or someone needs it in future.)

Vishal

Re: [regatta] Could use help protecting Admin
Thank you all! This is very helpful information and I feel much better now. Unfortunately, the access log is too large - I've tried to read it. I can only read it with ZTreeWin but the window is very small. Does anyone know of a program I can download on my computer so that I can read this huge log file?

This is truly a learning experience and not one I'm enjoying. I really hate these guys. I have to go through all the pages to make sure there are no more links (I've found two so far). It's like they have an automatic bot that keeps trying to get in now that I've banned the IP. I'm sure this isn't the last I've heard from them.

Off to do my scanning!

Nadine
Re: [Westiegirl] Could use help protecting Admin
@westiegirl

You need a logfile analyzer. I use Websuxess and Sawmill, but both are expensive.

Here you can find some freeware analyzers:
http://www.tucows.com/...tocols/LogAnalyzers/
Re: [regatta] Could use help protecting Admin
Thanks much regatta!
Re: [regatta] Could use help protecting Admin
Hi regatta,

I tried adding
order deny, allow
allow from my-ip
deny from all
to the .htaccess and I got an internal server error and the following error in the error log:
links/admin/.htaccess: order takes one argument, 'allow,deny', 'deny,allow', or 'mutual-failure'

I'm definitely a novice so I'm sure I did something wrong. This is what's in the .htaccess to begin with:
AuthUserFile /dir/domain.com/cgi-bin/links/admin/.htpasswd
AuthGroupFile /dev/null
AuthType Basic
AuthName Protected
require valid-user

I'm assuming it will not allow the deny/allow after that. I would do it the other way with the httpd.conf file but there are a few conf files I'm finding and I'd rather wait until we get someone with more experience to edit one of these.

Any help would be most appreciated.

Nadine

Edited to add:
Never mind the above - this worked, thanks to Dat.
Order Deny,Allow
Deny from all
Allow from XX.XX.XX.XX
Thanks again everyone!

Nadine

Last edited by Westiegirl: Dec 17, 2005, 10:53 AM
Re: [Westiegirl] Could use help protecting Admin
Hi Nadine,

They are case sensitive. So try it with Allow and Deny; it will work.

Cheers,

Dat

Programming and creating plugins and templates
Re: [tandat] Could use help protecting Admin
Thanks Dat. It's strange because I've used lowercase to deny IPs from the .htaccess at the root as in:

order allow,deny
deny from ipnumber
allow from all

And it works fine. Is it because it's a different order, different directory? Sorry... quite a novice here.
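To answer the "different order" question concretely, here is an added example (not code from the forum or from Gossamer Threads) that models how Apache 2.2-style Order/Allow/Deny rules decide whether a client IP is let in. It also enforces the rule behind the error quoted earlier in the thread: Order takes exactly one argument, so "deny, allow" with a space after the comma is two arguments and is rejected, while the directive names themselves are not case-sensitive. Hosts are simplified to "all", a full IPv4 address or a leading-octet prefix; the IP addresses are constructed examples.

```python
"""Model of Apache 2.2-style Order/Allow/Deny evaluation (added example, not
from the forum thread).  Hosts: 'all', a full IPv4 address, or a leading-octet
prefix such as '222.222'; no CIDR ranges or hostnames."""

# Order accepts exactly one argument, so "deny, allow" (with a space) is two
# arguments and triggers the "order takes one argument" error from the thread.
ORDER_VALUES = {"allow,deny", "deny,allow", "mutual-failure"}


def parse_access_rules(htaccess_text):
    """Return (order, allow_hosts, deny_hosts) from .htaccess-style lines.
    Directive names are matched case-insensitively, as Apache does."""
    order, allow, deny = "deny,allow", [], []
    for raw in htaccess_text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        name = parts[0].lower()
        if name == "order":
            if len(parts) != 2 or parts[1].lower() not in ORDER_VALUES:
                raise ValueError("order takes one argument, 'allow,deny', "
                                 "'deny,allow', or 'mutual-failure'")
            order = parts[1].lower()
        elif name in ("allow", "deny") and len(parts) > 2 and parts[1].lower() == "from":
            (allow if name == "allow" else deny).extend(parts[2:])
    return order, allow, deny


def host_matches(pattern, ip):
    """'all' matches everything; a partial address matches by leading octets."""
    if pattern.lower() == "all":
        return True
    return ip == pattern or ip.startswith(pattern.rstrip(".") + ".")


def is_allowed(htaccess_text, ip):
    """Deny,Allow: everyone gets in unless denied, and Allow overrides Deny.
    Allow,Deny (and mutual-failure): only hosts matching an Allow and no Deny
    get in.  So 'Deny from all / Allow from <ip>' needs Deny,Allow, while
    'Allow from all / Deny from <ip>' needs Allow,Deny."""
    order, allow, deny = parse_access_rules(htaccess_text)
    allowed = any(host_matches(p, ip) for p in allow)
    denied = any(host_matches(p, ip) for p in deny)
    if order == "deny,allow":
        return allowed or not denied
    return allowed and not denied


# The two rule sets quoted in the thread, with constructed example addresses.
ADMIN_RULES = "Order Deny,Allow\nDeny from all\nAllow from 222.222.2.2\n"
ROOT_RULES = "order allow,deny\ndeny from 10.9.8.7\nallow from all\n"
```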
Re: [regatta] Could use help protecting Admin
In Reply To:
@westiegirl

You need a logfile analyzer. I use Websuxess and Sawmill, but both are expensive.

Here you can find some freeware analyzers:
http://www.tucows.com/...tocols/LogAnalyzers/

I downloaded WebLog Expert but it really isn't helping. It's giving me statistics when what I actually need is to be able to search through the log by IP and/or by date. The access log I've downloaded is much too large for Notepad or other Windows programs (it's several months' worth). Are there any programs that will open the file and let me search (similar to Notepad) yet will be able to open such a huge file? I'm sorry but that's the best way I can describe it. I think I actually need a file viewer. Any suggestions?

Thanks again.

Nadine
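The search described above (by IP and/or date, over a log too big for an editor) can be done without loading the file at all. This added example, not from the thread, streams an Apache combined-format access log one line at a time and filters by client IP, day and request path, then counts which IPs touched the admin directory. The log lines are constructed for illustration, and the admin path follows the .htpasswd path quoted earlier in the thread.

```python
"""Stream-filter an Apache combined-format access log by IP, date and path
(added example, not from the forum thread).  Works line by line, so a log of
several months fits in constant memory: search_log(open(path)) streams a file."""
import re
from datetime import datetime

# Apache combined log: host ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)')


def parse_line(line):
    """Return a dict for one log line, or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def search_log(lines, ip=None, day=None, path_prefix=None):
    """Yield parsed records matching every filter that is given.
    ip: exact client IP; day: 'YYYY-MM-DD'; path_prefix: e.g. '/cgi-bin/links/admin/'."""
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if ip and rec["ip"] != ip:
            continue
        if day and rec["time"].strftime("%Y-%m-%d") != day:
            continue
        if path_prefix and not rec["path"].startswith(path_prefix):
            continue
        yield rec


# Constructed sample lines (not real traffic); admin.cgi is a placeholder script name.
SAMPLE_LOG = [
    '10.0.0.5 - - [16/Dec/2005:21:42:07 -0500] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla"',
    '10.0.0.9 - - [16/Dec/2005:23:05:11 -0500] "POST /cgi-bin/links/admin/admin.cgi HTTP/1.1" 200 2048 "-" "curl"',
    '10.0.0.9 - - [17/Dec/2005:02:10:40 -0500] "GET /cgi-bin/links/admin/admin.cgi HTTP/1.1" 401 321 "-" "curl"',
    'garbage line that does not parse',
]


def admin_hits(lines, day=None):
    """Count requests under the admin directory per client IP (optionally for one day)."""
    counts = {}
    for rec in search_log(lines, day=day, path_prefix="/cgi-bin/links/admin/"):
        counts[rec["ip"]] = counts.get(rec["ip"], 0) + 1
    return counts
```

Any IP in the result that is not one of your own is a candidate for the Deny/Allow list discussed above.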
Re: [Westiegirl] Could use help protecting Admin
UltraEdit is able to open and edit such huge files.
I use it as my main general development, programming and HTML editor.

http://www.ultraedit.com
Note: you should change the config and set the direct file edit option; otherwise it will make a copy of your huge file, which I suppose you don't want.

Best regards,
Webmaster33


Paid Support
from Webmaster33. Expert in Perl programming & Gossamer Threads applications. (click here for prices)
Re: [webmaster33] Could use help protecting Admin
...or EditPlus :D (I use this)

http://www.editplus.com/

Cheers

Andy (mod)
andy@ultranerds.co.uk
Re: [Andy] Could use help protecting Admin
Yes, there are several choices.

However, I tried several development editors before I chose UltraEdit, and none was able to beat it.
If you can suggest a better one which supports Perl, I will try it, I promise.

Let's move this discussion to the following thread:
Perl development editors

Best regards,
Webmaster33

Re: [webmaster33] Could use help protecting Admin
Thanks All! I appreciate the suggestions.

Off to download...

Nadine