Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Why does this URL work if the folder if missing? Admin


Guest

Recommended Posts

Someone is screwing around with my site.  2.3.4.1 CE

www.mysite.com/admin/login.php

My Admin folder was renamed after the install.  Yet, that link will take them to the Log In page on the public side of the website.

Why would that link take them anywhere if there is no admin folder?

- Andrea

Link to comment
Share on other sites

Because they now you use oscommerce and they know the default admin directory is called admin?
 

10 minutes ago, puggybelle said:

Why would that link take them anywhere

Where it takes them?
it cannot unless you tell them to?

Link to comment
Share on other sites

There is no reference at all to Admin in catalog/includes/configure.php

Nothing to edit, in other words.

Only in the renamed Admin/includes/configure.php file

All instances of Admin were changed to the new folder name

There is the one reference of Admin that looks like this:

define('DIR_FS_ADMIN', '/home/user/public_html/newadminfoldername/');

But, that's it for any trace of the word ADMIN in the file.

- Andrea

Link to comment
Share on other sites

If you renamed the folder to something else and no longer have a folder called admin - then the request will return 404

This may be a cache problem ? try clearing your browser cache

Alternatively you must have something in your script or htaccess that's doing the redirect, but if there is no folder called admin it should still return 404

I think it's a cache problem.

Link to comment
Share on other sites

26 minutes ago, wHiTeHaT said:
37 minutes ago, puggybelle said:

Why would that link take them anywhere

 

this is what you sayed.
So what exactly you saying.

How you detect visitor X to that admin takes visitor X anywhere?

Link to comment
Share on other sites

I'm thinking it has something to do with my SEO-G urls contrib.

If I go to mysite.com/admin - I get redirected to the index page. 

And that's what SEO-G is supposed to do when entering a URL that doesn't exist.  Take me to the homepage.

It's a redirect setting in the SEO-G configuration screen.

Like, if I type in something vulgar...www.mysite.com/bulls***..........it will take me straight to mysite.com/index.php

It's almost like it's skipping over the admin folder request part of the url I mentioned and going straight for login.php

Login.php is a real file, but I'm surprised to see that the admin folder request didn't send it to index.php

Anyway, that's what I'm thinking now. 

The SEO-G reports section is where I picked up on someone typing in mysite.com/admin/login.php and for the heck of it, I tried it myself, and it does take me to the customer log in screen on my website. 

They're screwed with Admin, though.  Guess that's good enough.

Thanks for the replies!

- Andrea

 

Link to comment
Share on other sites

2 hours ago, puggybelle said:

If I go to mysite.com/admin - I get redirected to the index page

I suggest you installed View Counter, which has a trap for admin, or IP Blocker, if it works in your shop. Or just make the following change after the rewriteemine on but before the other redirects. Change the destination to wherever you like, though it should be away from your site.

RewriteCond %{REQUEST_URI} "/admin/"
RewriteRule (.*) http://google.com [L]

 

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

I looked at the View Counter contrib the other day.  It's such a big contrib.

I have quite a few of your things installed with your name on it, Jack.

Sitemap...Sitemonitor...Googlefeeder ( but remember the issues I've had with that, for some unknown reason, but working! )

I'm still sitting on the install for Header Tags SEO.  Had that in my old site, too.  Would like that back.  That's a big one.

For some reason, I'm very hesitant to tackle the big contributions now.  I'm just happy to have my old urls back and getting sales.

I did install the Honeypot Captcha contrib last week after getting bombarded with fake accounts from Russia for two weeks.  That has nearly died away now.

I'll look at View Counter again.  I downloaded it the other night and step 3 of the install is like...huh?  Sounds like webhost talk meaning...I have no clue what IPV4 or DB11 means.  Seems pretty complicated.  For me!

- Andrea

 

Link to comment
Share on other sites

I'm happy that my addons are helpful to you. I will answer questions like the one about step 3 but please post them in VC's support thread so we don't hijack this one.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...