  #16  
Old 18 Feb 2009, 20:53
bc641990 bc641990 is offline
 
Join Date: Apr 2007
lol most of the ideas in this were from me inroc :-/ unbelievable
  #17  
Old 17 Jun 2009, 03:47
mme42 mme42 is offline
 
Join Date: Feb 2009
Originally Posted by iNRoC View Post
Trick #2: The Dummy Admin Panel

This one goes well with trick #1. Go to your admin panel's login screen, and go to your browser's File -> Save As page, and save the .php file to your HD. Now, open it and edit out the personal data in that admincp (look around the form data for "hidden" fields), and upload it to a directory on your server. Basically, the idea here is to make a non-functional admincp login page, to fool people into thinking they have the right URL when they really don't.
A few questions. First, exactly what personal data would be edited out? This is going to be an html file then, not php? And, is the idea to use this page as your listed admincp page in the config.php? Or do you have the real ACP in the newly renamed directory in the config and put the fake page in the /admincp folder in case somebody navigates directly to that path?

Originally Posted by jca2112 View Post
For example, a Fake Admin Login page that writes the IP addresses of login attempts to a file and/or email sent to the admin? That would make it easy to be alerted to login attempts and make it easy to ban users/IPs/etc. that go snooping for the Admin Panel.
Originally Posted by iNRoC View Post
I'll make you a page for it soon.
It would be helpful if anybody could do this.

Thanks
  #18  
Old 26 Oct 2009, 14:36
Barteh Barteh is offline
 
Join Date: Aug 2006
Slight bump. There's a simpler way to confuse bots, just add empty admincp and modcp dirs, then copy a .htaccess file to both that contains a single line:
Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

Alternatively you could provide access to this (empty) dir with .htpasswd and an extremely long and completely random username and password, which they're of course quite welcome to try to bruteforce.

All of this assuming you've moved your *real* admincp and modcp dirs of course.
  #19  
Old 09 Jan 2010, 08:47
lycheepassion lycheepassion is offline
 
Join Date: Aug 2009
Originally Posted by jca2112 View Post
The Dummy Admin Panel seems like a really good idea.

Has anyone made a mod/hack/script along these lines?

For example, a Fake Admin Login page that writes the IP addresses of login attempts to a file and/or email sent to the admin? That would make it easy to be alerted to login attempts and make it easy to ban users/IPs/etc. that go snooping for the Admin Panel.

Unfortunately that very same idea is essentially an exploit -- it could be used to do harm to the real vBulletin admin. Redirecting legitimate login attempts to the Fake Admin Login page in order to capture REAL username and passwords.

Is there something like this available that also couldn't be used to do evil things?


I really don't get how to do the dummy admin panel, maybe I'm just a dummy? Any help?
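The logging decoy asked about above, as an added example that is not part of any post in this thread and is not vBulletin code: a PHP form target for the static dummy login page that records who hit it and never reads the submitted username or password, which addresses the credential-capture concern raised in the quoted post. The log path, the field names in the log record and the response text are assumptions.

```php
<?php
// Decoy handler for a fake /admincp/ login form. Added example, not vBulletin code.
declare(strict_types=1);

// Assumed log location; keep it outside the web root so it cannot be fetched.
const DECOY_LOG = '/var/log/forum/decoy_admincp.log';

// Replace control characters so a crafted header cannot forge extra log lines,
// and cap the length so one request cannot bloat the log.
function sanitize_field(string $value, int $max = 200): string
{
    $clean = preg_replace('/[\x00-\x1F\x7F]/', '?', $value) ?? '';
    return substr($clean, 0, $max);
}

// Build one JSON log line from request metadata only.
function build_log_line(array $server, bool $formPosted, int $now): string
{
    // REMOTE_ADDR is the TCP peer. Behind a reverse proxy it is the proxy's
    // address, so the proxy must pass the client address in a trusted way.
    $ip = filter_var($server['REMOTE_ADDR'] ?? '', FILTER_VALIDATE_IP) ?: 'invalid';
    $record = [
        'time'   => gmdate('c', $now),
        'ip'     => $ip,
        'method' => sanitize_field((string)($server['REQUEST_METHOD'] ?? ''), 10),
        'uri'    => sanitize_field((string)($server['REQUEST_URI'] ?? '')),
        'agent'  => sanitize_field((string)($server['HTTP_USER_AGENT'] ?? '')),
        // Only the fact that a form was posted is kept, never its contents.
        'form_posted' => $formPosted,
    ];
    $flags = JSON_UNESCAPED_SLASHES | JSON_INVALID_UTF8_SUBSTITUTE;
    return json_encode($record, $flags) . "\n";
}

if (PHP_SAPI !== 'cli') {
    // $_POST is never read, so submitted usernames and passwords are never stored.
    $posted = ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST';
    $line = build_log_line($_SERVER, $posted, time());
    file_put_contents(DECOY_LOG, $line, FILE_APPEND | LOCK_EX);
    http_response_code(403);
    header('Content-Type: text/plain; charset=utf-8');
    echo "Invalid username or password.\n";
} else {
    // Constructed sample request, printed instead of logged when run from the CLI.
    $sample = ['REMOTE_ADDR' => '203.0.113.7', 'REQUEST_METHOD' => 'POST',
               'REQUEST_URI' => '/admincp/index.php', 'HTTP_USER_AGENT' => "bot\r\nforged line"];
    echo build_log_line($sample, true, 0);
}
```

Because the real control panel lives in a renamed directory, no legitimate admin should ever reach this path, so every line in the log is a candidate for the ban list.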
  #20  
Old 28 Nov 2010, 01:14
kootta kootta is offline
 
Join Date: May 2009
That's such a nice, informative post, keep it up.
  #21  
Old 27 Aug 2013, 18:15
CAG CheechDogg CAG CheechDogg is offline
 
Join Date: Feb 2012
Originally Posted by Lynne View Post
Nice article! It's so easy to take some steps to make this area of your board more secure, yet many admins don't bother.
Wow! 4 years later and this helped me out tremendously! Lately someone who was a member of our website has been trying to DDoS us and gain access to our admin panel, this did the trick!

Simple yet so effective!
  #22  
Old 29 Jan 2016, 02:23
okedisini okedisini is offline
 
Join Date: Dec 2015
step by step please
  #23  
Old 29 Jan 2016, 03:39
Dragonsys Dragonsys is offline
 
Join Date: Jan 2008
Real name: Eric
Originally Posted by okedisini View Post
step by step please
step by step of which part?