[22]Admin folder Location

User avatar
baibhav
Joomla! Apprentice
Joomla! Apprentice
Posts: 9
Joined: Wed Jan 07, 2009 3:37 pm
Location: Kathmandu, Nepal
Contact:

Re: [22]Admin folder Location

Postby baibhav » Sat Jan 10, 2009 1:09 am

Thanx for the nice tips Valc. I saw those. :)
While trying to find the solution to this problem, my fren suggested to use jsecure.
This plugin didn't popped up while searching in Joomla extensions site. WTH!!!

Everyone in this forums please if you haven't tried this plugin, take a look at it.
But it could have other compatibility issues with other components...Though I haven't faced it yet.
Its been cool... ;D

This "administration " path issue is only a part of security hole in Joomla...I guess....
What about the sql-injection???
As I googled and went through several sites.... found that sql-injection is also possible through various fields in components( even the picture browser) lol... :p

So whats the short solution for it???
:pop
Regards,
Baibhav Rajbhandari
http://www.baibhav.com.np
Volunteering http://www.rotaractpds.com.np

andrzejk
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Fri Feb 13, 2009 1:35 pm

Re: [22]Admin folder Location

Postby andrzejk » Fri Feb 13, 2009 1:42 pm

I've just solved this problem of how to change the Admin folder location.
Now I test it and if everything will be ok, I describe it.

Bongo
Joomla! Apprentice
Joomla! Apprentice
Posts: 5
Joined: Sun Jan 22, 2006 11:36 am
Location: SUNDSVALL
Contact:

Re: [22]Admin folder Location

Postby Bongo » Thu Mar 05, 2009 3:17 pm

>This "administration " path issue is only a part of security hole in Joomla...I guess....
> What about the sql-injection???

Let's take one problem at a time.

Three ideas about hardening the administration:

1) Let it be moved at an arbitrary path makes hacking less easy, good. I'd prefer to have the path in the configuration.php. It takes away any use of relative pathes so alot of stuff has to be rewritten. Maybe something for 1.6?

2) having the administrator folder controlled using .htaccess. Makes it somewhat trickier to install for the newbeginners but adds security since that folder could for instance be made accessible only from a certain ip-range. This sounds doable right now?

3) Optionally moved away completely so it can be accessed from anywhere, even using it's own hostname (preferrably inside NAT away from the world) sounds like a great idea but it needs more thinking. Then you still have controll over what ip (the new machine, virtual or not) accesses the database and the public folders. It takes away any use of relative pathes so alot of stuff has to be rewritten. Maybe something for 2.0?

/Per

dolito
Joomla! Fledgling
Joomla! Fledgling
Posts: 3
Joined: Mon Mar 16, 2009 12:49 pm

Re: [22]Admin folder Location

Postby dolito » Mon Mar 16, 2009 12:54 pm

Hopefully i understand this!?

You want to change all relative path's to absolute? So what's the problem?

When you installed Joomla in /var/www/joomla the relative path to admin is (we all know) ./administrator. If you would change it to ie. /var/lib/joomla-admin the relative path to admin (from joomla dir) is ../../lib/joomla-admin. Isn't it?

dolito

koba
Joomla! Intern
Joomla! Intern
Posts: 98
Joined: Mon May 14, 2007 11:48 am
Contact:

Re: [22]Admin folder Location

Postby koba » Sun Jun 21, 2009 12:08 pm

is there any official solution about changing an administrator path name?

dolito
Joomla! Fledgling
Joomla! Fledgling
Posts: 3
Joined: Mon Mar 16, 2009 12:49 pm

Re: [22]Admin folder Location

Postby dolito » Sun Jun 21, 2009 12:36 pm

koba wrote:is there any official solution about changing an administrator path name?


I think there is an extension in the JED. Use the search function. ;)

dolito

mirrorball
Joomla! Apprentice
Joomla! Apprentice
Posts: 45
Joined: Mon Oct 03, 2005 12:31 pm

Re: [22]Admin folder Location

Postby mirrorball » Tue Jun 23, 2009 12:39 pm

If setting the name of any paths within Joomla is to become something that can be set at installation for Joomla 1.6 then would it be possible to have a "random name creation" button that creates a strong directory name with letters, numbers and punctuation (if that's allowable for a directory name)?

User avatar
juanparati
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 123
Joined: Thu Nov 08, 2007 6:00 pm
Location: Aarhus (Denmark)

Re: [22]Admin folder Location

Postby juanparati » Thu Jun 25, 2009 9:43 pm

Nice idea! The Joomla administration could be more secure!
From the code to the reality!

charasoverride
Joomla! Fledgling
Joomla! Fledgling
Posts: 4
Joined: Tue Sep 23, 2008 6:38 am

Re: [22]Admin folder Location

Postby charasoverride » Fri Aug 07, 2009 12:52 pm

If you would like to 'sort of' rename your Joomla administrator directory without having to modify any Joomla code or you don't want to have to use htpasswd to protect that directory, you can achieve it the following way.
This may help limit issues for joomla security in the future.

1. Create a new directory in your root directory (eg. "myadmin")
2. Create an index.php file in your "myadmin" directory..

$admin_cookie_code="1234567890";
setcookie("JoomlaAdminSession",$admin_cookie_code,0,"/");
header("Location: /administrator/index.php");
?>

3. Add this to .htaccess of your real Joomla administrator directory

RewriteEngine On
RewriteCond %{REQUEST_URI} ^/administrator
RewriteCond %{HTTP_COOKIE} !JoomlaAdminSession=1234567890
RewriteRule .* - [L,F]

To enter your Joomla administration page, you point your browser to "http://yoursite.com/myadmin/" The php code will set a cookie that expires at the end of the session and redirect you to your real administration page. No one will be able to load anything from the administrator directory without having gone through the "myadmin" directory first.

Needless to say, you would choose another directory name for "myadmin" and change the cookie code "1234567890" to something else. Security through obfuscation is no substitute for the real thing but this might make you feel a little better.

hungover
Joomla! Fledgling
Joomla! Fledgling
Posts: 2
Joined: Sun Oct 18, 2009 12:44 am

Re: [22]Admin folder Location

Postby hungover » Thu Nov 19, 2009 4:47 pm

if this a double post then apologies (sodding free wifi in this pub logs you out and forces you to re-log in .


Just wanted to thank charasoverride

It works!!!! Just remember to make sure that you have no spaces before the <php? declaration otherwise you will get "headers already sent errors"

I plan to use this on any cms/cart/forum that doesn't allow admin path renaming.

Other than lucky guesses what are the potential pitfalls of this technique?

Once again thanks!!!!


Return to “Accepted - Archived”

Who is online

Users browsing this forum: No registered users and 2 guests