Is it some way to protect "admin.cgi" from other people to view? my categories in the "admin.cgi" had deleted a few times by "those people who have nothing to do". Please give me a hint...... thx guys.

Mmm well most people use .htaccess/.htaccess but that depends on your web server.

e................ But my web sever doesn't support .htaccess/.htaccess. So what else can I do? Is there some way to protect it without .htaccess/.htaccess??

Perhaps, but without knowing the webserver I'd be guessing

There are lots of cgi-based security scripts out there. I haven't tried any, but this one looked easy:

http://www.supernovacomputers.com/...in/main?doc=freepass

There are more here: http://cgi.resourceindex.com/...Password_Protection/


Leonard
aka PerlFlunkie

cgi based security is poop especially when trying to protect Links2.

A simpler way might be to rename the admin directory, so it is not using the 'standard' Links name. Rename the directory (NOT the files!) to whatever you want, and edit links.cfg to reflect the changes.

From this:
To this: (example)
Change the PATH/URL to the admin directory ONLY, and keep the public cgi (add, search, etc) where it is (mysite.com/cgi-bin/links) so that you are not revealing where you put your admin.


Leonard
aka PerlFlunkie

Hmm still not a very secure solution.

It would be better setting up Links2 so that your data files are in a non web accessible location.

Yeah, but...

For a simple way to protect without using .htaccess, try this:

http://cgi-resource.co.uk/pages/password.shtml


Leonard
aka PerlFlunkie

It doesn't protect the vital data, I could just link to links.cfg and download it.

PerlFlunkie, I don't really get your idea of changing code, once you change $db_script_path and $db_dir_url , you also have to change $db_cgi_url as well to get the admin.cgi to work properly. I've tried your idea, but it pops up a windows asks to download when I try to load the admin.cgi. Maybe I did something wrong during the procedure, can you please advice me once again? thx....

http://cgi-resource.co.uk/pages/password.shtml

This method also doesn't work at my webserver.

It also require .htaccess to run it. When I try to login once I've done the method from above, it doesn't ask for any password then I can get through of my admin.cgi.

Ok, I see where I made a boo-boo...

I'm only going to use URL examples, you can figure out the PATH from that. If your original location was

http://mysite.com/...inks/admin/admin.cgi and

http://mysite.com/cgi-bin/links/add.cgi

then move the whole admin directory into a new directory, like so

http://mysite.com/...skin/admin/admin.cgi

but keep the public cgi (add, etc) the same as it was. I just tested this on a test-copy of links I have set up, and it worked ok. Be sure to check the directory permissions are OK (755).
-------------------

The second link I posted above (cgi-resource.uk) includes this note about the mod, so it should work without .htaccess



Maybe using that mod AND the directory change will help with your situation...?


Leonard
aka PerlFlunkie

I got the idea of changing code now. Thankx so much! But still can't think out this {http://cgi-resource.co.uk/pages/password.shtml} little thing how it works. Thanks everyone for helping.....

I just spent two hours trying to get that mod to work, without success.

I did some searching here for a fix, but didn't find one. Anyone out there know if there's a trick to it? I changed the form action to a full URL, which at least brought me a login screen, but it takes me to a 500 error page. The password and timer files are created, and timer has an entry, but password.txt remains empty, which is obviously a problem... Also, the ip logging writes a file like "12.345.678" in the admin directory; should it create a .txt, .db or a directory?

My error log shows me what should appear as an HTML error page (...not authorized...try again...), but no actual error. Old posts in these forums contain an unfortunately high number of dead links, and they're always the ones that sound like they can tell you just exactly what you need to know...



Sidenote... change everything in your data directory (except the hits and rates dirs) to chmod 600, which will keep others from being able to write to(or erase, or even read) the data inside. Correct? Oh, and make admin.cgi chmod 700, which will allow you (the owner) to read/write/execute, but block all others. I may be wrong about this...


+++++++++++++++++++++++

ALSO, if you use the directory change thing posted above, you will need to go into the public cgi files (add, search, jump, etc) and where it says

require "/admin/links.cfg"; # Change this to full path to links.cfg if you have problems.

enter the FULL PATH to links.cfg, so in the above posted example it should be like:

/full/path/to/mysite/cgi-bin/links/rumplestiltskin/admin/links.cfg


+++++++++++++++++++

Soft2k, I see I was writing this while you were writing your next post...

#############

Yet another note, when you are promted to download a file, choose the view option, and it should open a little window that will contain an error message, giving a clue to what's wrong and where to look.


Leonard
aka PerlFlunkie

Found a problem. For this method: [http://mysite.com/...inks/admin/admin.cgi and

http://mysite.com/cgi-bin/links/add.cgi

then move the whole admin directory into a new directory, like so

http://mysite.com/...skin/admin/admin.cgi]

Once I change the directory, those cgi file doesn't work on my site. It comes with a download window. Please help!!!!!

I don't know how often you run the script

but if I cannot protect it and I don't want people to access it

I would set the permission to 644 when not in use
then set it back to 755 only when I need it


SP, Woodring

==============================
You can Actually Make Money with Links 2.0
All you need is the...
ClickBank Search Engine Database for Links 2.0
http://www.ClickOtunity.com