Gossamer Forum
Home : Products : Links 2.0 : Discussions :

is it possible to protect admin.cgi being viewed from someone?

Quote Reply
is it possible to protect admin.cgi being viewed from someone?

Wink Is it some way to protect "admin.cgi" from other people to view? my categories in the "admin.cgi" had deleted a few times by "those people who have nothing to do". Please give me a hint...... thx guys.


Quote Reply
Re: [soft2k] is it possible to protect admin.cgi being viewed from someone? In reply to
Mmm well most people use .htaccess/.htaccess but that depends on your web server.
Quote Reply
Re: [Paul] is it possible to protect admin.cgi being viewed from someone? In reply to
Frown e................ But my web sever doesn't support .htaccess/.htaccess. So what else can I do? Is there some way to protect it without .htaccess/.htaccess??
Quote Reply
Re: [soft2k] is it possible to protect admin.cgi being viewed from someone? In reply to
Perhaps, but without knowing the webserver I'd be guessing Wink
Quote Reply
Re: [Paul] is it possible to protect admin.cgi being viewed from someone? In reply to
There are lots of cgi-based security scripts out there. I haven't tried any, but this one looked easy:

http://www.supernovacomputers.com/...in/main?doc=freepass

There are more here: http://cgi.resourceindex.com/...Password_Protection/


Leonard
aka PerlFlunkie
Quote Reply
Re: [PerlFlunkie] is it possible to protect admin.cgi being viewed from someone? In reply to
cgi based security is poop especially when trying to protect Links2.
Quote Reply
Re: [Paul] is it possible to protect admin.cgi being viewed from someone? In reply to
A simpler way might be to rename the admin directory, so it is not using the 'standard' Links name. Rename the directory (NOT the files!) to whatever you want, and edit links.cfg to reflect the changes.

From this:
Code:
# PATH and URL of Admin CGI directory. No Trailing Slash.
$db_script_path = "/path/to/cgi-bin/links/admin";
$db_dir_url = "http://mysite.com/cgi-bin/links/admin";

To this: (example)
Code:
# PATH and URL of Admin CGI directory. No Trailing Slash.
$db_script_path = "/path/to/cgi-bin/rumplestiltskin/admin";
$db_dir_url = "http://mysite.com/cgi-bin/rumplestiltskin/admin";

Change the PATH/URL to the admin directory ONLY, and keep the public cgi (add, search, etc) where it is (mysite.com/cgi-bin/links) so that you are not revealing where you put your admin.


Leonard
aka PerlFlunkie

Last edited by:

PerlFlunkie: Dec 19, 2002, 1:26 PM
Quote Reply
Re: [PerlFlunkie] is it possible to protect admin.cgi being viewed from someone? In reply to
Hmm still not a very secure solution.

It would be better setting up Links2 so that your data files are in a non web accessible location.
Quote Reply
Re: [Paul] is it possible to protect admin.cgi being viewed from someone? In reply to
Yeah, but...

For a simple way to protect without using .htaccess, try this:

http://cgi-resource.co.uk/pages/password.shtml


Leonard
aka PerlFlunkie
Quote Reply
Re: [PerlFlunkie] is it possible to protect admin.cgi being viewed from someone? In reply to
It doesn't protect the vital data, I could just link to links.cfg and download it.
Quote Reply
Re: [PerlFlunkie] is it possible to protect admin.cgi being viewed from someone? In reply to
Smile PerlFlunkie, I don't really get your idea of changing code, once you change $db_script_path and $db_dir_url , you also have to change $db_cgi_url as well to get the admin.cgi to work properly. I've tried your idea, but it pops up a windows asks to download when I try to load the admin.cgi. Maybe I did something wrong during the procedure, can you please advice me once again? thx....
Quote Reply
Re: [PerlFlunkie] is it possible to protect admin.cgi being viewed from someone? In reply to
http://cgi-resource.co.uk/pages/password.shtml

This method also doesn't work at my webserver. Frown

It also require .htaccess to run it. When I try to login once I've done the method from above, it doesn't ask for any password then I can get through of my admin.cgi.
Quote Reply
Re: [soft2k] is it possible to protect admin.cgi being viewed from someone? In reply to
Ok, I see where I made a boo-boo...

I'm only going to use URL examples, you can figure out the PATH from that. If your original location was

http://mysite.com/...inks/admin/admin.cgi and

http://mysite.com/cgi-bin/links/add.cgi

then move the whole admin directory into a new directory, like so

http://mysite.com/...skin/admin/admin.cgi

but keep the public cgi (add, etc) the same as it was. I just tested this on a test-copy of links I have set up, and it worked ok. Be sure to check the directory permissions are OK (755).
-------------------

The second link I posted above (cgi-resource.uk) includes this note about the mod, so it should work without .htaccess

Quote:


Only use it if you can not have .htaccess files etc.. on your server. If you can use .htaccess then use that instead as it'll be more secure. This is not a complete secure solution so I take no responsibility if someone does break into your admin directory with this mod installed. However this is better than just leaving your admin directory unprotected.


Maybe using that mod AND the directory change will help with your situation...?


Leonard
aka PerlFlunkie

Last edited by:

PerlFlunkie: Dec 20, 2002, 6:17 PM
Quote Reply
Re: [PerlFlunkie] is it possible to protect admin.cgi being viewed from someone? In reply to
Wink I got the idea of changing code now. Thankx so much! But still can't think out this {http://cgi-resource.co.uk/pages/password.shtml} little thing how it works. Thanks everyone for helping.....
Quote Reply
Re: [soft2k] is it possible to protect admin.cgi being viewed from someone? In reply to
I just spent two hours trying to get that mod to work, without success.Pirate

I did some searching here for a fix, but didn't find one. Anyone out there know if there's a trick to it? I changed the form action to a full URL, which at least brought me a login screen, but it takes me to a 500 error page. The password and timer files are created, and timer has an entry, but password.txt remains empty, which is obviously a problem... Also, the ip logging writes a file like "12.345.678" in the admin directory; should it create a .txt, .db or a directory?

My error log shows me what should appear as an HTML error page (...not authorized...try again...), but no actual error. Old posts in these forums contain an unfortunately high number of dead links, and they're always the ones that sound like they can tell you just exactly what you need to know...Unsure



Sidenote... change everything in your data directory (except the hits and rates dirs) to chmod 600, which will keep others from being able to write to(or erase, or even read) the data inside. Correct? Oh, and make admin.cgi chmod 700, which will allow you (the owner) to read/write/execute, but block all others. I may be wrong about this...


+++++++++++++++++++++++Blush

ALSO, if you use the directory change thing posted above, you will need to go into the public cgi files (add, search, jump, etc) and where it says

require "/admin/links.cfg"; # Change this to full path to links.cfg if you have problems.

enter the FULL PATH to links.cfg, so in the above posted example it should be like:

/full/path/to/mysite/cgi-bin/links/rumplestiltskin/admin/links.cfg


+++++++++++++++++++

Soft2k, I see I was writing this while you were writing your next post...

#############

Yet another note, when you are promted to download a file, choose the view option, and it should open a little window that will contain an error message, giving a clue to what's wrong and where to look.


Leonard
aka PerlFlunkie

Last edited by:

PerlFlunkie: Dec 20, 2002, 8:45 PM
Quote Reply
Re: [PerlFlunkie] is it possible to protect admin.cgi being viewed from someone? In reply to
Unsure Found a problem. For this method: [http://mysite.com/...inks/admin/admin.cgi and

http://mysite.com/cgi-bin/links/add.cgi

then move the whole admin directory into a new directory, like so

http://mysite.com/...skin/admin/admin.cgi]

Once I change the directory, those cgi file doesn't work on my site. It comes with a download window. Please help!!!!!
Quote Reply
Re: [soft2k] is it possible to protect admin.cgi being viewed from someone? In reply to
I don't know how often you run the script

but if I cannot protect it and I don't want people to access it

I would set the permission to 644 when not in use
then set it back to 755 only when I need it


SP, Woodring

==============================
You can Actually Make Money with Links 2.0
All you need is the...
ClickBank Search Engine Database for Links 2.0
http://www.ClickOtunity.com

Last edited by:

spwoodring: Jan 12, 2003, 9:31 PM