Many scripts suggest "renaming the admin section for security" (against Hackers). Some actually make it really easy to do. After the security mod (of renaming 'admin' and making sure the script was properly modified)... has anyone ever thought of throwing in a fake 'admin' sub-folder? Hackers would see it and go straight for the bait. Then you could really have fun... and include a config.php file with fake database info and bogus vital passwords. Is this almost a good, original idea for security?
What you are describing is a type of honey pot. There are two main uses for this. One is to digitally fingerprint hackers to harden security on systems, and the other is to create a place where they waste a lot of time discovering the secrets of and hacking a fake place. This can give security experts the time needed to track down the individual so as to improve surveillance of their activities and to begin to ascertain their physical location. I have thought about such projects, but I have come to the conclusion it is better to gracefully block hackers than to play games with them. After all, if your entire site and all your scripts are not bulletproof and your trick creates a true enemy, the long term pain will be greater than the short term laughs. Secondly, never forget you are paying for this game with your bandwidth. 404 error responses are a less costly alternative and will cause the individual to move on. No short term laughs and probably no long term pain.
Personally, I think you should spend more time securing your site rather than wasting time making fake admin sections.
Thanks for the good advice. My basic level of security knowledge (in general for PHP sites) ends after a 'standard precaution' of changing the name of the admin section (without the 'game' described in this thread). In general, what else should I do for real security? (cPanelX/WHM, shared hosting for now)
Well, you need to start by looking for articles on security vulnerabilities and PHP, and SQL or script injection and PHP. That will help get you up to speed on the problems you face. Since you are installing third party scripts, spend time at their forums, watching for security issues and workarounds discovered by that user community. Keep your scripts completely up to date at all times. Make sure your admin password is difficult -- longer than eight characters and that it contains upper and lower case, numbers and/or other types of characters. You could take the extra step of double password protecting the admin directory by limiting access to a single user and forcing a user-name/password challenge on entry into the directory. I did this on one site using Apache's .htaccess. That could probably be accomplished through cPanel.
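The directory-level challenge described in the last reply, sketched as an added example that is not part of the thread or any poster's own configuration. The file path and the account name `siteadmin` are placeholders, and it assumes Apache 2.4 with mod_ssl on a host that allows `AllowOverride AuthConfig`.

```apache
# .htaccess placed inside the renamed admin directory (added example).
# Assumptions: Apache 2.4 with mod_auth_basic, mod_authn_file and mod_ssl
# loaded, and the host permits "AllowOverride AuthConfig" for this directory.

# Basic auth sends the password base64-encoded, not encrypted, so refuse
# any request to this directory that did not arrive over HTTPS.
SSLRequireSSL

AuthType Basic
AuthName "Restricted area"

# Placeholder path: keep the password file outside the web root so it can
# never be fetched over HTTP. Create it once from a shell with:
#   htpasswd -c -B /home/USERNAME/.htpasswds/admin-passwd siteadmin
AuthUserFile /home/USERNAME/.htpasswds/admin-passwd

# Only this one account may enter, even if the file later gains other users.
# "siteadmin" is a hypothetical name; pick one that differs from the script's
# own admin login so the two credentials are independent.
Require user siteadmin
```

With this in place a visitor must pass the web server's challenge before the script's own login page is even served, so a flaw in the script's login code is not directly reachable.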