For security Issue change the administrator URL How?

[aristotle2008]

Hi,

For security purpose i want to change the administrator URL, i want to open the administrator URL in different URL, please any idea do u have please reply me back. Avoid the identification of joomla website, somebody easily identify whether the site is joomla or not using this following method.(http://example.com/administrator), so easily identify and hack the site. To avoid this issue any idea you have kindly please advice me.

[mandville]

full details are in the sticky here How to change/hide the administrator Url (instructions)

[Z9iT]

To secure your admin directory , you can use extentins like secure.
kind read this thread aswell http://forum.joomla.org/viewtopic.php?f=470&t=681814

I think this thread should be locked, as its reffering to the same thing previously discussed.

[brian]

There are a million ways to identify a site as being joomla - the administrator url is just one and certainly not worth the effort to move

[Z9iT]

I agree with you @Brian
, Infact what i think is that doing a password protect to the admin directory is more than enough. One should concentrate on overall server security

[speedziarz]

There is one simple way to do this -> backendtoken plugin and You can have url with token and redirect from other url to whatever url you want

[aristotle2008]

Hi,

I agree that many ways here to identify joomla site, but administrator is one fo the path easily find it. Anyways thanks for your advice..

[Z9iT]

@aristotle
have you gone across this thread??
http://forum.joomla.org/viewtopic.php?f=470&t=681814

if you want to secure joomla admin directory, then that thread is sufficient, however this doesnot implicate that your website is safe all together... you have to first secure your server.

[aristotle2008]

Thanks for your advice...

[Z9iT]

welcome my friend.... anywayz, I would love to hear more from you if you find something even more useful.... experience increases by time, n you may find something more powerful.... please do share then...

[aristotle2008]

Thanks friend, Wish u happy new year to you and your family, your wishes comes true in this year....2012.

[mandville]

if topic is solved then we will mark it as such

[aristotle2008]

Hi,

There is no solution for this question...

[mandville]

There is no solution for this question...

i believe that you were given the solution in both my post and brian's
I am not sure how redirecting to a honeypot as linked twice by z9it will be of any use.
The answers to your question in plain type are
* there are numerous markers to your site being joomla
* you can not (without breaking your site) just change the admin url

most attack bots will not care how a site is built, or attack just the admin url, they look for other common vulnerable extensions.
Go through security checklist 7 for more server security advice and how to protect your site

How to change/hide the administrator Url (instructions)- http://forum.joomla.org/viewtopic.php?f=432&t=611287
Security checklist 7 - http://docs.joomla.org/Security_Checklist_7

I think this thread should be locked, as its reffering to the same thing previously discussed.

totaly agree with your thoughts which is why i asked if it was solved but some people still do not read and the link i posted I will give aristotle2008 chance to respond before possibly doing so.

[aristotle2008]

Hi,

Thanks its very useful to me.....

[bobbykjack]

Please note, this is NOT just an issue for identification of server software. It is also preferable to change the admin URL in order to prevent brute-force attacks on the password. Of course, this is not an excuse for lazy passwords, but a brute-force attack can easily turn into a DOS attack, especially when Joomla 1.5 - seemingly - creates a new session every time a POST is sent to the admin URL.

Has this been fixed in more recent versions?