Not a bug  Location Admin Panel

James

Well-known member
I'm not quite sure what your point is. The XenForo Admin Panel is located in the same directory as index.php, yes; this is not a bug.
 

MrBrian

Active member
I think he's trying to say that the admincp shouldn't be in the same directory as the forum directory?
 

Floris

Guest
Yeah, but that's done on purpose, and I don't see how it's going to lead to problems.
 

Mike

XenForo developer
Staff member
It isn't really a secret. As soon as the software goes out, everyone would know where the default location is, even if it were wld2297asdfkl.php :)
 
Reactions: DSF

Romchik®

Well-known member
> It isn't really a secret. As soon as the software goes out, everyone would know where the default location is, even if it were wld2297asdfkl.php :)

Hm... This all doesn't matter if we can define a name or path for admin.php in the settings (like in vB for admincp in config.php).
If not, then it's bad.
 

Forsaken

Well-known member
> Hm... This all doesn't matter if we can define a name or path for admin.php in the settings (like in vB for admincp in config.php).
> If not, then it's bad.

How is it bad..?

Unless the administrator account has been compromised (at which time you're already screwed), there's nothing that can really go wrong other than brute force, and to be quite honest, there's not much brute-forcing does against secure passes :rolleyes:
 

CyberAP

Well-known member
The one good thing when you have an /admin/ folder is that you can change its name before the install, and no one can guess how the folder is named if he is not an admin or... a hacker :rolleyes:.
 

Forsaken

Well-known member
> The one good thing when you have an /admin/ folder is that you can change its name before the install, and no one can guess how the folder is named if he is not an admin or... a hacker :rolleyes:.

Changing the name doesn't do much, and while it's not quite obfuscation, by the time a real hacker is actually going for your ACP, they've most likely gotten your credentials.
 

Onimua

Well-known member
> The one good thing when you have an /admin/ folder is that you can change its name before the install, and no one can guess how the folder is named if he is not an admin or... a hacker :rolleyes:.

It doesn't change anything if your account is compromised. It's no different if a hacker tries to get into your ACP directly, or just tries to log into your account on the front end, logs in and then simply clicks the link to the ACP; the end result is the same.

That's why it's recommended you also add a .htaccess file to add another username/password combination to the ACP should the scenario above happen.
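
The extra HTTP authentication layer recommended in the post above, as an added example that is not part of the original thread: because admin.php sits in the same directory as index.php, the rule is scoped to that one file with `<Files>` rather than to the whole directory. It assumes Apache 2.4 with `AllowOverride AuthConfig` enabled for the forum directory; the password-file path and realm name are placeholders.

```apache
# .htaccess in the forum root (the directory holding index.php and admin.php).
# Added example; the path and realm below are placeholders, not XenForo defaults.

# Scope the second login to admin.php only, so the public forum
# served by index.php stays reachable without an extra prompt.
<Files "admin.php">
    AuthType Basic
    AuthName "Admin area"
    # Keep the password file outside the web root so it can never be served.
    # Create it with: htpasswd -c /path/outside/webroot/.htpasswd-acp <username>
    AuthUserFile /path/outside/webroot/.htpasswd-acp
    Require valid-user
</Files>
```

Basic authentication sends the credentials with every request, so this layer only adds protection when the site is served over HTTPS, and the username/password pair should differ from the forum account it is meant to back up.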
 

Floris

Guest
If there's a serious bug in the code that allows you to gain access to the back-end of the product, like "change options"

It does not matter if the file "admin.php" is in /forum/ or /forum/adminarea/
 

Brandon_R

Guest
I think people are under the impression that it's a standard to have the admincp in a directory by itself, which it really isn't. As long as you can protect the file admin.php then it's safe.
 