htaccess and admin sections

[Labrocca]

I know most websites use an admincp that has authentication but how many people double up on that authentication with htaccess as well?

I think it's very important because if your site is sql injected and a persona can elevate their own privileges to admin then they usually head straight for admincp. A good way to avoid this is to htaccess protect your admincp which can thwart a hacker and end the penetration level.

[faviouz]

For a MyBB forum, I recommend changing your ACP directory's name and cut off the link to the ACP in every theme.
You can see a lot more here for MyBB protection: http://www.learnmybb.com/forums/thread-83.html

[Rick]

Do you mean setting up a directory password? I usually don't do that, because I don't like entering two passwords just to get in. Although I have changed my admin directory and removed all the links.

[stefanov]

I dont use htaccess for a protection generaly , although its great to prevent "hacking" attempts.
Also permisions should do the trick.

[IndigoRed]

I have it but, my host don't support some plugins, so it kinda sucks, that i cant use any good plugins that i want to use, but it's still good to prevent hacking and everything, i have never been hacked since i started my site, so it's doing a good job.

[.mike]

I have done the .htaccess protection thing in the past, but I've completely forgotten how to do that. Any who, with the type of community I'm running, I don't think there is a need to have more than one administrator managing things. However, this is still a pretty good precaution in the event of an attack on your community. Can anyone direct me on how to set this .htaccess file? Thanks in advance.

[Soldier of Fortune]

I just noticed Go Daddy allows you to do it, it's actually a nice idea. You will have to be rooted to get your forum hacked Well nice!!

[O-D-M]

Hmm never did that. Thanks for the tip, Im gonne use it for my new "project" .

[.mike]

(03-12-2009 02:00 PM)Soldier of Fortune Wrote:  I just noticed Go Daddy allows you to do it, it's actually a nice idea. You will have to be rooted to get your forum hacked Well nice!!

So GoDaddy isn't ALL that useless and icky, huh? This IS a brilliant idea to better secure your forum to discontinue the activities of a malicious user.

(03-12-2009 02:30 PM)O-D-M Wrote:  Hmm never did that. Thanks for the tip, Im gonne use it for my new "project" .

Good luck with your project then =D

[Psinetic]

I just found out about this and I'm trying to learn as much about it as possible. I've already pw protected my admincp directories, but just in case you guy's didn't know, you can set the htaccess files also to deny all ip addresses except your own. so even if they ARE able to somehow crack the password, they still need the right ip to get in, and it's not like they're just gonna guess what your ip is. when it changes, just ftp in and update the htaccess files with your new ip address.