2019-01-29, 09:15 PM
Hi there,
I already disabled the memberlist.php in the ACP but you can still see the name of the admin when you call the link mydomain.com/user-1.html or mydomain.com/member.php?action=profile&uid=1
If you disable search engine friendly URLs in the ACP it will use the latter format.
In the .htaccess there's this line that does it:
I noticed if you do uid=0 in the browser it will show you your own current user. I already disabled guests to view any users.
What would be the correct RewriteRule to redirect user 1 (admin) to user 0?
I know it's security through obscurity, but better than nothing. Somebody would have to guess the username, the password and the ACP PIN (if he finds the real ACP).
Thanks
I already disabled the memberlist.php in the ACP but you can still see the name of the admin when you call the link mydomain.com/user-1.html or mydomain.com/member.php?action=profile&uid=1
If you disable search engine friendly URLs in the ACP it will use the latter format.
In the .htaccess there's this line that does it:
RewriteRule ^user-([0-9]+)\.html$ member.php?action=profile&uid=$1 [L,QSA]
I noticed if you do uid=0 in the browser it will show you your own current user. I already disabled guests to view any users.
What would be the correct RewriteRule to redirect user 1 (admin) to user 0?
I know it's security through obscurity, but better than nothing. Somebody would have to guess the username, the password and the ACP PIN (if he finds the real ACP).
Thanks