I have 2 questions. Please help!

1. I have a password-protected folder (my control panel folder). Periodically I find new users there, added by hackers. How do you password protect your control panel folder from your website? I just add a user and password from my hosting control panel. Is there any way I could make this folder more secure, I mean by editing the .htaccess file inside that folder?

2. Also, what is the correct permission for that CP folder? Currently I have 755. Should I change it?

Any advice about how to protect it better and about the correct permission for the CP folder will be appreciated.

Thanks
Marius
How often do you get new users added? And what kind of control panel are you running? Does it have a username/password set up right now? Or is that what you're going to use htaccess for?
Well, hackers brute-force your password using a dictionary or computed algorithm. To see how it's done:

View http://yehg.net/lab/pr0js/training/view/misc/HTTP_BruteForcingWithJHijack/
Or download http://yehg.net/lab/pr0js/files.php/HTTP_BruteForcingWithJHijack.zip

You can't assume it's only because of your weak/crackable passwords. There are many other factors.
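Password guessing against a protected folder shows up in the web server access log as a burst of 401 responses from one address. The following is an added example, not part of the original thread: a Python sketch that flags such bursts in Apache-style log lines, assuming the protected folder is served under `/cp/` and using constructed sample lines, a hypothetical threshold of 5 failures per minute and documentation-range IP addresses.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache common/combined log prefix: host ident user [time] "METHOD path proto" status
LINE = re.compile(r'(\S+) \S+ (\S+) \[([^\]]+)\] "\S+ (\S+)[^"]*" (\d{3})')

def find_bruteforce(lines, prefix="/cp/", threshold=5, window=timedelta(minutes=1)):
    """Return {ip: {"failures": n, "success_after": bool}} for every IP with at
    least `threshold` 401 responses under `prefix` inside any `window`.
    `prefix`, `threshold` and `window` are assumed values; tune them per site."""
    recent = defaultdict(deque)  # ip -> timestamps of 401s still inside the window
    flagged = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, user, ts, path, status = m.groups()
        if not path.startswith(prefix):
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        if status == "401":
            q = recent[ip]
            q.append(when)
            while when - q[0] > window:  # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                entry = flagged.setdefault(ip, {"failures": 0, "success_after": False})
                entry["failures"] = max(entry["failures"], len(q))
        elif ip in flagged and user != "-" and status.startswith("2"):
            # Authenticated 2xx from an already flagged IP: a guess may have worked.
            flagged[ip]["success_after"] = True
    return flagged

def _line(ip, user, sec, status):
    # Builds one constructed log line (not real traffic).
    return (f'{ip} - {user} [10/Mar/2024:12:00:{sec:02d} +0000] '
            f'"GET /cp/index.php HTTP/1.1" {status} 512')

# Constructed sample: six failures in six seconds followed by a success from one
# address, and a single mistyped password followed by a success from another.
SAMPLE = ([_line("203.0.113.7", "admin", s, 401) for s in range(6)]
          + [_line("203.0.113.7", "admin", 7, 200),
             _line("198.51.100.4", "marius", 8, 401),
             _line("198.51.100.4", "marius", 9, 200)])

if __name__ == "__main__":
    for ip, info in find_bruteforce(SAMPLE).items():
        print(ip, info)
```

An address reported with `success_after` set is the case to investigate first, since it means a login succeeded right after a run of failures.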