Anyone can login my admin.php...Help plz!

[spectrumpower]

I have already secured my osCommerce store with SSL and I have changed all the necessary values so that it will recognize it and it does no problem. The only problem is that anyone can access my admin account just by simply going to the admin.php. Is there any way for a password prompt or something to come up so that only I may access it?

Thanks!

[seank123]

The easiest way to to add a user/password to the catalog/admin folders .htaccess file - check with your host to find out how to do it.

There are also a couple of mods that do it too:

http://www.oscommerce.com/community/...search,protect

[michael_s]

See this to secure your install:

http://oscdox.com/modules.php?op=mod...20Installation

[jpf]

The "other" option (in addition to above) is to delete or move the admin...

anyone that know OSC and finds out your site is using it can try the standard directories to hack into the ADMIN (if they get a login screen then they can try hacking in) - but if you move it so something random - unguessable then they will be hard to even find it...

www.yoursite.com/admin
www.yoursite.com/catalog/admin

- how about try:

http://www.yoursite.com/s0mEthinG_ra...ssd/myADM1Ndir
note: that is 's(zero)mE' and 'ADM(one)N'

(Note: Unix treat /ABC, /abc,/Abc,/AbC etc as all diffent files/directories....)

Good Luck!

[Guile]

Thanks for this information, i was having the same problems and i appreciate the thoroughness of these three solutions. This is one of the best technical forums because of the people on it.