7 replies to this topic

[Comesticage]

Hi,

My website is still working. www.oxytarm-ap.com

But when i try to login the admin module at

http://oxytarm-ap.com/shop/catalog/admin/

All i get is

Unauthorized

This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required. Apache Server at oxytarm-ap.com Port 80
1) password never been changed before 2) i can login about a week ago 3) i used several different dates of backups (of the admin folder) and re upload via ftp.
But still can't login.
This is panicking help someone! =)
TIA

[Comesticage]

Any one can help me?

This is puzzling.

[multimixer]

Having access to your cPanel, you can reset the admin password, there are several posts here explaining this

You need basically to empty table "administrators" from the DB and remove the password related entries from files .htaccess and htpasswd_oscommerce in folder /admin/

[Comesticage]

@multimixer

Thanks, i followed the instructions online and manage to empty the table and login.

Now, i am trying to re set up the htcaccess...

don't really know how to.

Is there any feature that i can add to beef up the security of my admin page?

TIA

[multimixer]

Now that you can login again, go to admin>configuration>administrators, click edit on your admin name, and add the password again, make sure to click the checkbox about adding htaccess protection

[knifeman]

Comesticage, on 19 June 2013 - 12:04 PM, said:

@multimixer

Thanks, i followed the instructions online and manage to empty the table and login.

Now, i am trying to re set up the htcaccess...

don't really know how to.

Is there any feature that i can add to beef up the security of my admin page?

TIA

Admin directory should be renamed and the pertinent line in configure.php changed to match.
I like the new IP trap by Fimble. It has one feature I wanted to utilize years ago; the ability to block an ip from my admin. no need to log into Cpanel and add the ip to htaccess  http://addons.oscommerce.com/info/5914
Also, one of the sitemonitor addons is a great addition. Set up as a cron and get notified if any files are added, altered, or deleted.

Tim

[Comesticage]

multimixer, on 19 June 2013 - 12:28 PM, said:

Now that you can login again, go to admin>configuration>administrators, click edit on your admin name, and add the password again, make sure to click the checkbox about adding htaccess protection

When i followed this steps, there was no checkbox. i am using 2,3.1 - i dunno sometimes i have missing check box...

just like when i upload the images for the products, there's suppose to have a delete option to delete the image. that is also missing. so what i always do is just upload the pictures and it will overwrite the original ones...

so about the checkbox of the htaccess. is there anything that is wrong with my oscommerce?

Regards,

[multimixer]

Comesticage, on 19 June 2013 - 03:04 PM, said:

so about the checkbox of the htaccess. is there anything that is wrong with my oscommerce?

No, there is probably something wrong with the server environment or the file permissions. Do you have any message regarding file permissions in admin>configuration>administrators?

You can also set htaccess protection to the admin folder via cPanel, there must be a feature like "password protect categories" or similar