Okay, I know this is the most widely found question on the entirety of the forums, but I searched and searched with that funtion to no avail to find the post I had seen before, which told how to "pseudo protect" your admin.cgi by renaming it to something else. I was wondering what references to this script would have to be changed to get this to work? And before you complain, I will tell you that our server, yes, does suck very badly, but they are a fast connection, unlimited space, and unlimited bandwidth for 20 bucks a month, so I'm not complaining. The suckyness I refer to is not being able to password protect via htaccess folders inside the cgi-bin (yes, this problem is more widespread than you thought) and no telnet access. The only option I have to password protect it is to rename it to whatever, and just know what it is. I will respond to any replies you can give me, and yes, I spent at least an hour searching the boards, so don't tell me to do it again, please, I beg of you =x.x=;

This has been discussed before...you need to use the Lockit script, which is a third party script. And yes, you will need to search the forums for lockit. And if you follow the suggestions I gave in the Discussion Forum for searching the support forums, you SHOULD find relevant Threads where the lockit script is linked.

Good luck!

Regards,

Eliot Lee

Alright, that is a nice script, and it would be great if my server wasn't running cgiwrap, which causes it to attempt to password protect my entire cgi-bin(!) Whee. Alright, I'm going to actually have to use another method, if you know of one...my server, yes, does suck as I said earlier. I do however, now use that handy htaccess script on my slow homeserver, although actually making the .htaccess files wasn't a problem for me. I'm not stupid at making the files, just the server should be bapkilled. But as I said, low cost, hi bandwidth, and unlimited space...ugh. Thanks for any more help you can give me!

Renaming files to another name is NOT secure at all. It looks like you will have to contend with the risk of being hacked on a continuous basis.

Good luck!

Regards,

Eliot Lee

Well, it's really all I can do at this point, but thanks for your help anyway. If anyone else has some ideas, feel free to post. I did seem to hear about a mod way back when, but it has since been deleted... I suppose I'll just CHMOD it back and forth when i need it for now tho...

Hi,
This idea is a slow process but it is secure. You can always delete the admin.cgi and upload it when you need to use it. This way nobody will get in there.

I had a friend have an idea also, he said that I might try putting this right after the path to perl:
die 'You are not allowed' unless($ENV{REMOTE_ADDR} eq '111.11.111.11');

(where those number would be my static IP)
I'm not sure if it will work, but I'll be trying that also =^_^=

That should work very well.

Again...not very secure...some ISPs mask IP addresses, which means that if
there is no IP address assigned, then you could easily access the script.

The best solution as I have stated to you before is to change the permission
of the admin script to 444 when you are not using it, then change it to 755
when you want to use it.

Regards,

Eliot Lee

Thanks for the tip Eliot