Welcome to the MetaMod and Chameleon Support Forums.

Before posting, please check out the FAQs.

helpme

 

Need extra help with your Joomla site? Consider paid Joomla support by the developer of Chameleon and MetaMod.

 

How to block Administrator page on Chameleon setup TLD's

How to block Administrator page on Chameleon setup TLD's

I see it is possible to log in the admin backend with any of the chameleon rules. So say I've got a rule extra.net which is a alias on mainsite.com I am also able to login at extra.net/administrator. This is correct and makes sense is how chameleon works with domain rule.

However, is there a way to block the /administrator paths on chameleon rules?
I'm getting hacking attempts on all my sub-sites now. Not only on the main site admin. That's why I want to close this for better security.

Any ideas how I could accomplish this?
Thanks.

jhostweb
Beginner Modder
ranks
useravatar
Offline
4 Posts
Administrator has disabled public posting

Re: How to block Administrator page on Chameleon setup TLD's

Hi jhostweb,

although technically the plugin that drives Chameleon can detect requests for pages that start with /administrator, it was a design decision to NOT detect these. The reason for this is that it's far too easy to make actions in Chameleon which could prevent you from even logging in on the administrator side.

I would suggest the use of something like Admin Tools (from Akeeba) where you can protect /administrator by requiring a keyword to be added to the URL. Although that's not exactly what you wanted it achieves the same thing with a good deal of security.

Best regards,
Stephen

Stephen Brandon
MetaMod / Chameleon developer
If you use MetaMod or Chameleon, please post a rating and a review at the Joomla! Extensions Directory: Chameleon | MetaMod

metamodguy
useravatar
Offline
3312 Posts
User info in posts
Administrator has disabled public posting

Re: How to block Administrator page on Chameleon setup TLD's

Hi Stephen,

Thanks for your quick response.
Yes I understand it would make it more secure and will try it out.
Perhaps a simple method would be to redirect specific admin urls that I don't want to work to a custom page or back to the domain root..
Thanks.

Jh

jhostweb
Beginner Modder
ranks
useravatar
Offline
4 Posts
Administrator has disabled public posting

Board Info

Board Stats:
 
Total Topics:
1667
Total Polls:
6
Total Posts:
5909
Posts this week:
1
User Info:
 
Total Users:
10113
Newest User:
michael2066
Members Online:
1
Guests Online:
210

Online: 
michael2066

Forum Legend:

 Topic
 New
 Locked
 Sticky
 Active
 New/Active
 New/Locked
 New Sticky
 Locked/Active
 Active/Sticky
 Sticky/Locked
 Sticky/Active/Locked