
Not a bug  Location Admin Panel

James

Well-known member
#2
I'm not quite sure what your point is. The XenForo Admin Panel is located in the same directory as index.php, yes; this is not a bug.
 

Floris

Guest
#5
Yeah, but that's done on purpose, and I don't see how it's going to lead to problems.
 

Mike

XenForo developer
Staff member
#7
It isn't really a secret. As soon as the software goes out, everyone would know where the default location is, even if it were wld2297asdfkl.php :)
 

Romchik®

Well-known member
#9
> It isn't really a secret. As soon as the software goes out, everyone would know where the default location is, even if it were wld2297asdfkl.php :)
Hm... This is all never mind, if we can in settings define name or path for admin.php (how in vB for admincp in config.php).
If not, then bad.
 

Forsaken

Well-known member
#10
> Hm... This is all never mind, if we can in settings define name or path for admin.php (how in vB for admincp in config.php).
> If not, then bad.
How is it bad..?

Unless the administrator account has been compromised (at which time you're already screwed), there's nothing that can really go wrong other than bruteforce, and to be quite honest, there's not bruteforcing does against secure passes :rolleyes:
 

CyberAP

Well-known member
#11
The only one good thing when you have an /admin/ folder you can change its name before the install and no one can guess how the folder is named if he is not admin or... hacker :rolleyes:.
 

Forsaken

Well-known member
#12
> The only one good thing when you have an /admin/ folder you can change its name before the install and no one can guess how the folder is named if he is not admin or... hacker :rolleyes:.
Changing the name doesn't do much, and while it's not quite obfuscation, by the time a real hacker is actually going for your ACP, they've most likely gotten your credentials.
 

Onimua

Well-known member
#13
> The only one good thing when you have an /admin/ folder you can change its name before the install and no one can guess how the folder is named if he is not admin or... hacker :rolleyes:.
It doesn't change anything if your account is compromised. It's no different if a hacker tries to get into your ACP directly, or just tries to log into your account on the front end, logs in and then simply clicks the link to the ACP; the end result is the same.

That's why it's recommended you also add a .htaccess file to add another username/password combination to the ACP should the scenario above happen.
 

Floris

Guest
#14
If there's a serious bug in the code that allows you to gain access to the back-end of the product, like "change options"

It does not matter if the file "admin.php" is in /forum/ or /forum/adminarea/
 
#15
I think people are under the impression that it's a standard to have the admincp in a directory by itself, which it really isn't. As long as you can protect the file admin.php then it's safe.
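
Added example, not from any poster in this thread and not XenForo's own configuration: the extra .htaccess username/password layer recommended in post #13, scoped to the single file admin.php as post #15 describes. The realm name and the password-file path are assumptions; it also assumes an Apache server that honours .htaccess auth directives (AllowOverride AuthConfig).

```apache
# .htaccess in the forum root, i.e. the directory that holds
# both index.php and admin.php.
#
# Only admin.php gets the extra prompt; the public forum stays open.
<Files "admin.php">
    AuthType Basic

    # Realm text shown in the browser prompt (assumed wording).
    AuthName "Admin Control Panel"

    # Assumed placeholder path. Keep the password file outside the
    # web root so it can never be downloaded, and create it with
    # Apache's htpasswd utility.
    AuthUserFile /path/outside/webroot/.htpasswd-acp

    # Any user listed in the password file may proceed to the
    # normal admin login form.
    Require valid-user
</Files>

# Use a username and password here that differ from the forum
# administrator account, so one stolen credential is not enough.
# Basic auth sends the credentials with every request, only
# base64-encoded, so serve admin.php over HTTPS.
```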