>> Site Map >> Forums >> PHP-Nuke Security
Forum module - topics in forum:
PHP-Nuke Security - Been hacked? or have a question about securing your site, here's the place.
Emptying admin.php
After I renamed admin.php to confuse hackers, I experimented and placed an empty admin.php file.
This been there is no loggin in. In the event I want to administer something I upload the admin file.
Given the above renaming, do I accomplish anything securitywise?
About renaming I suppose a hacker would look for any abnormale file compared to his list and guess it's the admin file og he could perhaps search for text only found in the admin file?
Anyways, how about that empty admin.php?
Im slightly lost, but what I think your trying to do is remove the normal admin.php file and the renamed admin.php and replace them with an admin.php that is blank. When you want to admin something, you'll replace the blank admin.php with the proper file and when you've finished, replace it with the blank one again.
That should improve security for your admin area as all admin functions require the admin.php file. But I dont see the point in a blank admin file, why not just delete it all together and upload the file when needed?
| Cypher_489 Wrote: : |
That should improve security for your admin area as all admin functions require the admin.php file. But I dont see the point in a blank admin file, why not just delete it all together and upload the file when needed? |
The file is required for PHP-Nuke to run else it returns an error message saying the file named in config.php is missing and I will avoid changing config.php also.
Thanks for the reply.
| Quote: : |
| The file is required for PHP-Nuke to run else it returns an error message saying the file named in config.php is missing and I will avoid changing config.php also. |
Oops, forget about that in config.php
| Cypher_489 Wrote: : | ||
Oops, forget about that in config.php |
That's OK , I only became aware of it because I tried.
Looking through your various postings you seem awful concerned about security, pissin about with your admin file will do nothing to stop some idiot using a sql injection.
Just get sentinel, install that and configure it, that's all you need to do.
