-
- 6 Posts
How can I change the backend /manager/ URL to something else, say /magager1/? This should prevent brute-force attacks.
Thanks!
In Revolution you can do this with the Advanced Download/Install.
Check out the docs for info:
http://rtfm.modx.com/display/revolution20/Advanced+Installation
I did once change the folder name in Evo, but it was fairly unpleasant. I suppose it would be easier for someone with a fancy IDE that can deal with whole directories full of files. One of these days I intend to go through it again, replacing it all with a variable that gets set in the index.php files. Of course, that will complicate installation...
-
- 2,877 Posts
I hack my accesscontrol.inc.php
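// load template file
// Serve the real login form only when the secret query parameter matches;
// any other request gets the decoy form.
// isset() avoids an undefined-index notice when the parameter is absent.
$check = isset($_GET['soMeFunnyVar']) ? mysql_real_escape_string(strip_tags($_GET['soMeFunnyVar'])) : '';
if($check == "SoMeWeirdValue") {
    $tplFile = $base_path.'manager/media/style/'.$manager_theme.'/rightform.html';
} else {
    $tplFile = $base_path.'manager/media/style/'.$manager_theme.'/wrongform.html';
}
$handle = fopen($tplFile, "r");
$tpl = fread($handle, filesize($tplFile));
fclose($handle);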
Then I automatically block people who try to log in with blackhole ;)
MODX 1.0.12
elseif(is_file(MODX_MANAGER_PATH . 'media/style/' . $modx->config['manager_theme'] . '/login.tpl')) {
    //mrhaw hack
    // Real login template only when the secret query parameter matches;
    // otherwise the decoy template is loaded.
    // isset() avoids an undefined-index notice when the parameter is absent.
    $check = isset($_GET['soMeFunnyVar']) ? mysql_real_escape_string(strip_tags($_GET['soMeFunnyVar'])) : '';
    if($check == "SoMeWeirdValue") {
        $target = MODX_MANAGER_PATH . 'media/style/' . $modx->config['manager_theme'] . '/login.tpl';
    } else {
        $target = MODX_MANAGER_PATH . 'media/style/' . $modx->config['manager_theme'] . '/default_hoax_login.tpl';
    }
    $login_tpl = file_get_contents($target);
}
+ in manager .htaccess add:
# Restrict direct access to script file types and templates
<FilesMatch "\.tpl$">
    Order allow,deny
    Deny from all
</FilesMatch>
[ed. note: mrhaw last edited this post 10 years, 6 months ago.]
You can also limit people to specific IP addresses.
-
- 486 Posts
Hi mrhaw,
I am really interested in modifying the 1.0.12 accesscontrol.inc.php file per your code above but I am not quite sure where to put your code in the file and which code to replace.
I am looking in the accesscontrol.inc.php file but am a bit stuck.
Any chance you could please provide line numbers and quick instructions on which code to replace etc.
Thanks so much for any help.
-
- 2,877 Posts
Quote from: danilocuculic at Oct 16, 2013, 09:32 AM
Don't do that - 1.0.12 has a native way to rename the manager folder (see changelog instructions + assets/cache/siteManager.php)
Agree! If you don't understand 100% what my code did - don't use it as you can then break accesscontrol.php and the whole website!
Susanne (sottwell) gives us the best solution: IP Restriction
http://forums.modx.com/thread/45029/restrict-manager-by-ip-addresses-without-breaking-captcha#dis-post-463882
[ed. note: mrhaw last edited this post 10 years, 6 months ago.]
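Added example, not part of the thread and not MODX code: one way to express the IP restriction recommended above as a PHP allow-list check with CIDR support for IPv4 and IPv6. The function names, the allow-list entries (documentation address ranges) and the PHP 7+ requirement are assumptions.

```php
<?php
// Added example (not MODX code): IP allow-list check for a manager login page.
// ip_in_cidr() and manager_access_allowed() are hypothetical names. PHP 7+.

// True when $ip lies inside $cidr ("203.0.113.0/24", "2001:db8::/32").
// An entry without "/" matches a single host.
function ip_in_cidr(string $ip, string $cidr): bool
{
    $parts = explode('/', $cidr, 2);
    $addr  = @inet_pton($ip);
    $net   = @inet_pton($parts[0]);
    // Reject unparsable input and IPv4/IPv6 family mismatches.
    if ($addr === false || $net === false || strlen($addr) !== strlen($net)) {
        return false;
    }
    $maxBits = strlen($addr) * 8;
    $prefix  = $parts[1] ?? (string) $maxBits;
    if (!ctype_digit($prefix) || (int) $prefix > $maxBits) {
        return false;
    }
    $fullBytes = intdiv((int) $prefix, 8);
    $remainder = (int) $prefix % 8;
    // Whole bytes covered by the prefix must match exactly.
    if (substr($addr, 0, $fullBytes) !== substr($net, 0, $fullBytes)) {
        return false;
    }
    if ($remainder === 0) {
        return true;
    }
    // Compare only the leading bits of the partially covered byte.
    $mask = (0xFF << (8 - $remainder)) & 0xFF;
    return (ord($addr[$fullBytes]) & $mask) === (ord($net[$fullBytes]) & $mask);
}

function manager_access_allowed(string $remoteAddr, array $allowList): bool
{
    foreach ($allowList as $cidr) {
        if (ip_in_cidr($remoteAddr, $cidr)) {
            return true;
        }
    }
    return false;
}

// Constructed sample data using documentation address ranges.
$allowList = ['203.0.113.0/24', '198.51.100.7', '2001:db8:abcd::/48'];
foreach (['203.0.113.42', '198.51.100.8', '2001:db8:abcd:1::5', 'not-an-ip'] as $ip) {
    printf("%-20s %s\n", $ip, manager_access_allowed($ip, $allowList) ? 'allow' : 'deny');
}
```

In a deployment the check would be given `$_SERVER['REMOTE_ADDR']` and answer non-matching requests with a 403 before any login form is rendered. The address should not be taken from `X-Forwarded-For`, which the client controls unless a trusted proxy sets it.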
-
- 486 Posts
Thanks Eoler and MrHaw - Roger that, will happily leave this.
I had zero idea what it did but came from your link from the other thread. One less thing to do - thanks for the warning.