Protecting You Mambo admin panel using htaccess

 .htaccess files are very versatile, and can easily protect some area of Your Homepage. In the case of Mambo, I am here giving You a way to secure it in less than 5 minutes. 

All You have to do is to drop a file named .htaccess in Your /administrator directory

• pathto should normally be outside you public webserver directory!
  In plesk, that means outside the httpdocs directory!
• .htpasswd is a Text file which contains a mapping login:password.

XXXXXXX must be replace by it’s crypt version, use that Url to create a new
crypted value:

http://de.selfhtml.org/cgi-bin/cryptform.pl?password=aSI45I#56B4KgR34542

In this example, I want to have aSI45I#56B4KgR34542 as password (my real password is even more complex!), the page then display me

cziW29BR6Y3fM

Be careful it is changing at each reload of the page since the system add "salt" to the password in order to avoid brute force attack with dictionnary.

So I create a file .htpasswd which contains:

So In order to be able to go in my administrator Mambo panel, I will have to type

user name: admin
password: cziW29BR6Y3fM

HTACCESS is containing a lot more keywords and way to protect some data or directories.
I recommend You to google a little bit to find some exhaustive articles like this one in german:
http://de.selfhtml.org/servercgi/server/htaccess.htm#optionen

If Youre using my component hashcash or any statistics log tools on YOur server, YOu may know the IP of the bad guys which try to break Your site. There is a way to block these attacking zombies at the server level. Just extends the section Limit of the .htaccess file

 <Limit GET POST>
order allow,deny
allow from all
deny from  XXX.XXX.XXX.XXX
deny from .microsoft.com 
</Limit>

where XXX.XXX.XXX.XXX is the IP or part of the IP (XXX or XXX.XXX or XXX.XXX.XXX), but it can be a DNS. You can add as many lines as You want.

You Might Also Like:

Logo for JoomlaCloud

Project Scribble at sourceforge

JoomlaCloud 1.0.1