September 10 2010 21:25:18
PHPFusion-mods.net | Your PHP Fusion resource
Navigation
Last Seen Users
krejsy< 5 mins
kordun< 5 mins
krohn< 5 mins
gerremans< 5 mins
thenebb00:13:42
bigcarrot00:17:18
pojan00:24:10
damesi2600:35:02
Bubbi00:37:11
m1row00:59:26

Members: 16,277
Newest: pojan
Blogs
Diemux
» 18-09-2009 - Say ...
Diemux
» 10-07-2009 - Will...
Diemux
» 24-06-2009 - Blog...
elyn
» Elyn + Streamyx (...
Diemux
» 19-05-2009 - Thin...
Diemux
» 15-05-2009 - Week...
Diemux
» 13-05-2009 - Comp...
elyn
» Number 1925
Diemux
» Number One
Things to Do
Latest Articles
A tour through the n...
Protect your Fusion ...
Change your database...
Handling MySQL Datab...
Admin Control Panel ...
How to Secure Your I...
Show Content by Defa...
v7 | Add social book...
v7 | Custom MySQL er...
How To: A PM after r...
v7 | SEO friendly UR...
v7 | SEO friendly UR...
Comments Advanced Vi...
Auto-redirect to the...
A tour through PHP-F...

View all articles
Downloads v7
Currently popular Downloads
FusionBoard 4 4030
Video Gallery 2877
Professional Down... 2576
Photoalbum Mass U... 2524
Avatar Studio 2353
Extended Profile 1899
Button panel 1869
XHTML mod for mod... 1867
VArcade 2.1 1836
HighSlide Gallery... 1806

Latest Downloads

Bosnian Locale - PHP... 5
Multimedia Studio ve... 29
Post-Report 2
Post Report with pd_... 1
XHTML mod for modern... 1867
Pimped-Fusion v0.08.01 23
Update Package v0.08.01 4
Support Panel-Skype 25
Header Weather Widget 84
Forum Thread List Pa... 35

Latest 100
Downloads v6
Currently popular Downloads
Banner System v2.0.4 1708
Video Gallery 1214
Extreme Theme Editor 917
Fuzed Shoutbox 818
Seoname.php 756
Icon Package 2.0 702
Extended Profile ... 660
News.php 585
EXTboard 552
Tabbed welcome panel 532

Latest Downloads

Google Sitemap Fast 60
ExtBoard 1.2 385
EXTboard 552
v6.01.18 - v6.01.19 34
v6.01.19 FULL 93
Birthday 123
Moneybookers 47
User info 104
Link to us 262
jNews.php 346

Latest 100
Provider
PHPfusion-mods.net is hosted at:

110MB
Admin Control Panel Protection

As you already know the admin panel can easily be accessed with an admin or super admin account. Admin and super admin accounts are one of many hacker targets.

I'm going to show you how to add easy but effective protection to your admin control panel using htacess and htpasswd. The nice thing about using htaccess and htpasswd is there are no back doors to retrieving username and passwords unlike php and js.


First create a .htaccess file. Also create a .htpasswd file which we will use later on. Make sure you put both of those files into the administration directory.

Add the following code to the .htaccess file...

AuthName "Admin Control Panel"
AuthType Basic
AuthUserFile /full/path/to/.htpasswd
Require valid-user

NOTE: Change the "/full/path/to/.htpasswd"
to the full path on your server where your .htpasswd file is located. If you do not know the full path contact your web host.

Next open the .htpasswd file that we created earlier (nothing in front of the dot). This file will contain the usernames and passwords for accessing the admin control panel.


Add the following code to the htpasswd file...

username:password

Change the username and password to the ones you desire to use. (do not use the same account info that your admin account has otherwise this tutorial is useless)

* Note: do not put your password in regular form, encrypt it at htaccesstools.com !

Simply add that code on a new line to add another username and password possibility.

Also don't forget to add the following code to the .htaccess file which will protect the htaccess file and htpasswd file itself.

<Files ".htaccess">
order allow,deny
deny from all
</Files>

<Files ".htpasswd">
order allow,deny
deny from all
</Files>

Congratulations you've just added more security to your admin panel. You will only need to login once when the pop up comes up when accessing the acp per browser session.

You will not regret doing this especially if your account is ever hacked, the hacker will only do minor damage like delete forum posts and etc. Remember the admin control panel is like the brain that operates and controls the content of the site, so lets keep its security protection high.

Besides this small security addon it's highly recommended to backup your site every x weeks. Whenever your websites gets more active make backups more frequent, this to prevent data loss!

Written by Brandon, a thanks to webadmin88 for extra information.
| Posted by Brandon on October 16 2008 21:26:27 · 4 Comments · 6143 Reads · Print
Comments
#1webadmin88 on October 18 2008 23:33:42
webadmin88
I have to disagree with this tutorial. When inserting the line in the .htpasswd file YOU SHOULD NOT use usernamePuh.assword, but ENCRYPTED password instead. The logic behind this encryption is hard so just use this method here:

http://www.htacce...generator/

Regards
#2snowneo on October 23 2008 11:08:25
snowneo
Very well written and informative.

Thanks!
#3Stic on July 11 2009 23:00:02
Stic
BIG thanks for guide
#4Stic on July 12 2009 00:02:48
Stic
You can allow known IPs to access the administration directory. Here is how I do it with .htaccess in administration folder:

Order Deny,Allow
Deny from all
allow from YOU IP

Just change YOU IP to your IP. You can find your IP here >> http://www.myip.x..., You can ofcourse add another "allow line" to above code, if you want to use the admin from multiple computers. Smile
Post Comment
Please Login to Post a Comment.
Ratings
Rating is available to Members only.

Please login or register to vote.
Awesome! Awesome! 67% [4 Votes]
Very Good Very Good 17% [1 Vote]
Good Good 0% [No Votes]
Average Average 0% [No Votes]
Poor Poor 17% [1 Vote]
Login
Username

Password



Not a member yet?
Click here to register.

Forgotten your password?
Request a new one here.
Our Coders
Smokeman
Rizald 'Elyn' Maxwell
Diemux
Netrix
Donate
Shoutbox
You must login to post a message.

MarcusG
10/09/2010 12:02
http://forum.copp.
..ic=54885.0

Smokeman
10/09/2010 11:37
@Splash: Well now I've tried that - but it didn't work. Spam removed again today.

Splash
08/09/2010 03:23
120 . 32 . * . *

Splash
08/09/2010 03:22
Block IP range from China and bye bye spammer. Big Smile

MarcusG
06/09/2010 13:00
@smokeman: my shout was not adressed to a special person. Fusion-Mods and Fusion-Main sites have the same problems with stupid spammers. Wink

Smokeman
06/09/2010 10:02
@MarcusG: I agreed with you but I can't do anything about it. It's Diemux that stands for that part of the site.

MarcusG
06/09/2010 09:21
This SPAM really SUX, especially when there are solutions to fight it. I have NO (ZERO) Spam on my site.

Splash
06/09/2010 04:18
I think someone break Fusion captcha.

Smokeman
04/09/2010 09:32
Spam deleted.

MarcusG
04/09/2010 08:09
Try this to fight the SPAM: KLICK ME HARD Or THIS
Advertiser
One-click Translation
Translate This Site
Render time: 0.17 seconds 5,416,363 unique visits
Copyright © 2007 - 2010 PHPFusion-mods.net

Valid XHTML 1.0 Transitional



Powered by PHP-Fusion copyright © 2002 - 2010 by Nick Jones.
Released as free software without warranties under GNU Affero GPL v3.
Running on v7.00.0x PHPFusion-mods.net Special Edition