MyBB Community Forums

Full Version: Admin Directory Deny IP
This is a tutorial on how to better secure your admin directory.

Add this to admin/.htaccess

Order deny,allow
Allow from 127.0.0.1
Deny from all

Replace 127.0.0.1 with your IP address.

If you want multiple IPs, separate them by a space, like so:

Order deny,allow
Allow from 127.0.0.1 192.168.1.1
Deny from all

If you want to display a custom error page, add this:

ErrorDocument 403 ./error.html


Be careful with this: if you have a dynamic IP, you could lock yourself out of the ACP.
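As a pre-upload check against the lockout risk mentioned in the post above, the rules can be evaluated offline against the address you will connect from. This is an added example, not part of the original post and not MyBB or Apache code; the function names and the sample addresses are assumptions, and the evaluation follows the documented Apache 2.2 Order/Allow/Deny behaviour for IP and CIDR arguments only.

```python
import ipaddress

# Constructed sample: the two-address rule set from the post above.
SAMPLE_HTACCESS = """\
Order deny,allow
Allow from 127.0.0.1 192.168.1.1
Deny from all
"""

def _matches(spec, ip):
    """True if one Allow/Deny argument covers ip (hostnames and env= never match here)."""
    if spec.lower() == "all":
        return True
    if "/" not in spec and ":" not in spec:
        octets = spec.rstrip(".").split(".")
        if len(octets) < 4:  # partial IPv4 address such as "10.1" means 10.1.0.0/16
            spec = ".".join(octets + ["0"] * (4 - len(octets))) + "/%d" % (8 * len(octets))
    try:
        return ip in ipaddress.ip_network(spec, strict=False)
    except ValueError:
        return False

def is_allowed(htaccess_text, client_ip):
    """Apply Apache 2.2-style Order/Allow/Deny rules to one client address."""
    ip = ipaddress.ip_address(client_ip)
    order, allow, deny = "deny,allow", [], []  # deny,allow is Apache's default Order
    for line in htaccess_text.splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        key = words[0].lower()
        if key == "order" and len(words) > 1:
            order = words[1].lower()
        elif key in ("allow", "deny") and len(words) > 2 and words[1].lower() == "from":
            (allow if key == "allow" else deny).extend(words[2:])
    allowed = any(_matches(s, ip) for s in allow)
    denied = any(_matches(s, ip) for s in deny)
    if order == "deny,allow":
        return allowed or not denied  # default allow; an Allow match overrides Deny
    return allowed and not denied     # allow,deny: default deny; a Deny match wins

if __name__ == "__main__":
    for addr in ("127.0.0.1", "192.168.1.1", "203.0.113.7"):
        print(addr, "allowed" if is_allowed(SAMPLE_HTACCESS, addr) else "403 Forbidden")
```

With the same Allow and Deny lines but `Order allow,deny`, every address is refused, including the listed ones, because a Deny match wins under that ordering.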

1. You should change your admin directory name.
2. You should create a folder called "admin" and do the htaccess authentication just to throw someone off. They will think it exists but it doesn't.
(2011-12-21, 11:34 PM) labrocca wrote:
1. You should change your admin directory name.
2. You should create a folder called "admin" and do the htaccess authentication just to throw someone off. They will think it exists but it doesn't.

That's nice and clever ;)
Have it in your real Admin folder as well, of course ;)
Set up triggers too, where a login will send you an email with the IP and timestamp. :) So even if someone gets into the fake admin, you know.

Lots of little things you can do.
(2011-12-21, 11:53 PM) labrocca wrote:
Set up triggers too, where a login will send you an email with the IP and timestamp. :) So even if someone gets into the fake admin, you know.

Lots of little things you can do.

Aye, hundreds of tricks. The problem is, most people (including myself), don't know them all ;)

For example, I never would have thought of the ACP Honeypot type thing sending me an email ;)
There is a plugin for it on the mods site. It works great!

Edit: http://mods.mybb.com/view/admin-cp-honeypot
(2011-12-22, 01:18 AM) GamerVoid wrote:
There is a plugin for it on the mods site. It works great!

Edit: http://mods.mybb.com/view/admin-cp-honeypot

I'm aware of that. Please pay attention to what is written. I said I wouldn't have thought of it myself.
Oops... I guess that detail slipped by me. Sorry.
I wouldn't have thought of it either. It is a really slick tool, except for when you use directory syncing in FileZilla, and you upload to the wrong directory. :)
(2011-12-22, 03:19 AM) GamerVoid wrote:
Oops... I guess that detail slipped by me. Sorry.
I wouldn't have thought of it either. It is a really slick tool, except for when you use directory syncing in FileZilla, and you upload to the wrong directory. :)

Doh!
[Image: doh.jpg]
As there seems to be a little misinterpretation about my previous post, let me clarify: the "Doh!" and "Doh Baby pic" are meant to be a little tongue-in-cheek humor because I sympathize with GamerVoid about accidentally uploading to the wrong folder in FileZilla. Who hasn't been there? ;)