Posted - July 29 2003 : 04:29:03
To help prevent search engines spidering your admin pages, add:
<META NAME="ROBOTS" CONTENT="NOINDEX,NOFOLLOW"> in between the <head> </head> section of shopadmin_header.htm.
I wrote a simple include file that I put at the top of your shopadmin.asp (renamed of course), see below.
This carries out two operations: if your internet connection has a fixed IP it checks it and if OK does nothing.
If the IP is not known, it then checks the header for a password. If correct, it allows you in.
However, you only have a set amount of tries over a given time. If you exceed the amount of tries, it locks you out for a while and redirects to a page not found. This makes it appear as if the page no longer exists.
I use this software for two reasons.
Although I normally do 'Admin' duties while at the office (Fixed ID), I can still work from home using a dynamic IP or check what's going on from any remote location.
It prevents hackers using brute force password crackers to get into your site.
Software note to VP-ASP programmer.
I see optional include files in your software controlled by asp.
Also in some case statements, i.e.
<!-- #include file= A -- >
<!-- #include file= B -- >
<!-- #include file= C -- >
As far as I understand, this does not work, as all include files are included BEFORE any execution of the asp code???
Does this cause any problems / security problems?
Final comment to VP-ASP Designer.
You must improve the credit card security section of your software against hackers. You also need to automate deleting and changing file names and locating the database. I got hacked BIG time; it cost the credit card people over £10,000!
Security should be inherent in the design without the need to read a big fat manual.
PS Your tech support is second to none - thanks
<%
'this will allow MY_IP_NUMBER through OR querystring QNAME=PASSWORD
'in this example www.mysite.com/myshop/adminpageforshop.asp?GetMeIn=Emergency
'the "?GetMeIn=Emergency" part is only required if your IP is dynamic or not equal to MY_IP_NUMBER
Const MY_IP_NUMBER = "12.3453.67.89" 'your fixed IP address - *** Change to fit
Const TIME_OUT = 3 'minutes
Const MAX_TRIES = 4
Const PASSWORD = "Emergency" 'case sensitive - *** change
Const QNAME = "GetMeIn" ' - *** change
Const REDIRECT_TO = "http://www.yoursite.com/404" ' - *** change

If Request.ServerVariables("REMOTE_ADDR") <> MY_IP_NUMBER Then
    'first request since the application started: initialise the shared counters
    If Application("SecurityLastIn") = "" Then Application("SecurityLastIn") = Now()
    If Application("SecurityCount") = "" Then Application("SecurityCount") = 0
    'start a new counting window once TIME_OUT minutes have passed
    If DateDiff("n", Application("SecurityLastIn"), Now()) >= TIME_OUT Then
        Application("SecurityCount") = 0
        Application("SecurityLastIn") = Now()
    End If
    'count this request
    Application("SecurityCount") = Application("SecurityCount") + 1
    'too many requests in the window, or wrong password: pretend the page does not exist
    If (Application("SecurityCount") >= MAX_TRIES) Or (Request.QueryString(QNAME) <> PASSWORD) Then Response.Redirect(REDIRECT_TO)
End If
%>
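
A variant of the include above, added here as an example and not part of the original post: the posted version keeps one counter in Application state, which is shared by every visitor, and counts each request, while this one keeps a counter per client address and counts only failed attempts. ADMIN_IP, SECRET, FIELD_NAME, NOT_FOUND_URL and the GateFails_/GateSince_ key names are assumed placeholders.

```vbscript
<%
' Added example, not from the original post. All constants are placeholders.
Const ADMIN_IP = "192.0.2.10"        ' constructed value from a documentation range
Const WINDOW_MINUTES = 3
Const MAX_FAILS = 4
Const SECRET = "change-me"           ' case sensitive
Const FIELD_NAME = "GetMeIn"
Const NOT_FOUND_URL = "http://www.yoursite.com/404"

Dim clientIp, keyFails, keySince, fails, allowed
clientIp = Request.ServerVariables("REMOTE_ADDR")

If clientIp <> ADMIN_IP Then
    ' One counter per client address, so one visitor's failures
    ' do not lock out everyone else.
    keyFails = "GateFails_" & clientIp
    keySince = "GateSince_" & clientIp

    Application.Lock   ' serialise updates from concurrent requests
    ' Start a fresh window when none exists or the old one has expired.
    If IsEmpty(Application(keySince)) Then
        Application(keySince) = Now()
        Application(keyFails) = 0
    ElseIf DateDiff("n", Application(keySince), Now()) >= WINDOW_MINUTES Then
        Application(keySince) = Now()
        Application(keyFails) = 0
    End If
    fails = Application(keyFails)

    ' A locked-out client is refused even if the value is now correct.
    allowed = (fails < MAX_FAILS) And (Request.QueryString(FIELD_NAME) = SECRET)

    ' Only failed attempts count, so successful entries never use up the quota.
    If (Not allowed) And (fails < MAX_FAILS) Then Application(keyFails) = fails + 1
    Application.Unlock

    ' Same response as the posted include: make the page look missing.
    If Not allowed Then Response.Redirect NOT_FOUND_URL
End If
%>
```

Per-address entries stay in Application state until the application restarts, and a value passed in the query string is typically recorded in web server logs and browser history.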