For Security: Has Anyone Ever Thought Of A Fake Admin Section?

Discussion in 'Security' started by gemini181, Jan 31, 2007.

  1. #1
    • Many scripts suggest "renaming the admin section for security" (against Hackers)
    • Some actually make it really easy to do

    After the security mod (of renaming 'admin' and making sure the script was properly modified)...

    Has anyone ever thought of throwing in a fake 'admin' sub-folder?
    • Hackers would see it, and go straight for the bait
    • Then you could really have fun...
    • ...and include a config.php file with fake Database info and bogus vital passwords.

    Is this almost a good, original idea for security? :)
     
    gemini181, Jan 31, 2007
  2. clancey

    #2
    What you are describing is a type of honey pot. There are two main uses for this. One is to digitally fingerprint hackers to harden security on systems and the other is to create a place where they waste a lot of time discovering the secrets of and hacking a fake place. This can give security experts the time needed to track down the individual so as to improve surveillance of their activities and to begin to ascertain their physical location.

    I have thought about such projects, but I have come to the conclusion it is better to gracefully block hackers than to play games with them.

    After all, if your entire site and all your scripts are not bullet proof and your trick creates a true enemy, the long term pain will be greater than the short term laughs.

    Secondly, never forget you are paying for this game with your bandwidth. 404 error responses are a less costly alternative and will cause the individual to move on. No short term laughs and probably no long term pain.
     
    clancey, Feb 1, 2007
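
Added example, not part of any post in this thread: the low-cost form of the honeypot idea from post #2, where the decoy `/admin` path just returns 404 and the access log is scanned for clients that asked for it. It assumes the real admin area was renamed and an Apache combined-format log; `DECOY_PREFIX`, `is_decoy_hit`, `decoy_hits` and the sample lines are illustrative names and constructed data.

```python
import re
from collections import defaultdict

# Assumption: the real admin area was renamed, so no legitimate visitor requests /admin.
DECOY_PREFIX = "/admin"

# Apache "combined" access log format; referer and user agent are optional.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
    r'(?: "[^"]*" "(?P<ua>[^"]*)")?'
)

def is_decoy_hit(path):
    """True for /admin and anything beneath it, but not e.g. /administrator-guide.html."""
    path = path.split("?", 1)[0].lower()
    return path == DECOY_PREFIX or path.startswith(DECOY_PREFIX + "/")

def decoy_hits(lines):
    """Group requests for the decoy path by client IP, skipping malformed lines."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_decoy_hit(m["path"]):
            hits[m["ip"]].append((m["ts"], m["method"], m["path"], m["status"], m["ua"] or "-"))
    return dict(hits)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.23 - - [01/Feb/2007:10:14:55 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [01/Feb/2007:10:15:02 +0000] "GET /admin/ HTTP/1.1" 404 209 "-" "Mozilla/4.0"',
    '203.0.113.7 - - [01/Feb/2007:10:15:03 +0000] "GET /admin/config.php HTTP/1.1" 404 209 "-" "Mozilla/4.0"',
    '198.51.100.23 - - [01/Feb/2007:10:16:10 +0000] "GET /administrator-guide.html HTTP/1.1" 200 880 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [01/Feb/2007:11:02:40 +0000] "POST /Admin/login.php?next=/ HTTP/1.1" 404 209',
    'not a log line',
]

if __name__ == "__main__":
    for ip, events in sorted(decoy_hits(SAMPLE_LOG).items()):
        print(f"{ip}: {len(events)} request(s) to the decoy path")
        for ts, method, path, status, ua in events:
            print(f"  [{ts}] {method} {path} -> {status} ua={ua}")
```

The per-IP list can feed a block list or an alert; the decoy itself costs no more bandwidth than any other 404.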
  3. amnezia

    #3
    Personally I think you should spend more time securing your site rather than wasting time making fake admin sections.
     
    amnezia, Feb 1, 2007
  4. gemini181

    #4
    Thanks for the good advice.

    My basic level of security knowledge (in general for PHP sites) ends after a 'standard precaution' of changing the name of the admin section (without the 'game' described in this thread).

    In general, what else should I do for real security? (cPanelX/WHM, shared hosting for now)
     
    gemini181, Feb 1, 2007
  5. clancey

    #5
    Well, you need to start by looking for articles on security vulnerabilities and PHP and SQL or script injection and PHP. That will help get you up to speed on the problems you face.

    Since you are installing third party scripts, spend time at their forums, watching for security issues and workarounds discovered by that user community. Keep your scripts completely up to date at all times.

    Make sure your admin password is difficult -- longer than eight characters and that it contains upper and lower case, numbers and/or other types of characters.

    You could take the extra step of double password protecting the admin directory by limiting access to a single user and forcing a user-name/password challenge on entry into the directory. I did this on one site using Apache's .htaccess. That could probably be accomplished through cPanel.
     
    clancey, Feb 1, 2007