VP-ASP :: Shopping Cart Software

Shopping Cart Software Solutions for anywhere in the World

US/Canada(Toll Free): +1 888 587 2278
Europe/UK: +44 (020) 7193 9408
Australia/New Zealand: +61 3 9016 4497

VP-ASP Shopping Cart Customer Forum

Home | Profile | Register | Active Topics | Members | Search | FAQ
Username:
Password:
Save Password
Forgot your Password?

 All Forums
 VPCart Forum
 Credit card fraud and hackers
 admin outside site root
 New Topic  Reply to Topic
 Printer Friendly
Author Previous Topic Topic Next Topic  

calumog
Starting Member

7 Posts

Posted - May 08 2004 :  07:09:44  Show Profile  Reply with Quote
Has anybody tried moving the admin pages to a folder other than the shopping pages? I'm quite anxious about the admin being in the same folder as everything else (except the database of course). I've followed all the security recommendations but there are tools out there that will find your admin login page even if you have renamed it. I'm not up on brute forcing asp login screens but its obviously possible. I've used the updated shopadmin.asp page which locks out unauthorised ip addresses but I'm still worried.
I am running my site locally but the isp I plan to use when it goes live has a directory for admin. I'd like to use it but I'm just wondering how much work is involved.

Cheers

Dulrr
VP-ASP New User

57 Posts

Posted - July 06 2004 :  16:02:00  Show Profile  Visit Dulrr's Homepage  Reply with Quote
I've been looking at the files and such, and if I'm not mistaken you should be able to simply copy all "shoppa_" files, shopadmin1.asp and [youradminloginpage].asp into another folder. I haven't actually tried it yet, but as long as you can still read your database from the other folder it should work. (And worst case scenario you can just copy/paste the files back if this doesn't work )


*goes off to tinker further - will report back shortly with result*

~D
Go to Top of Page

Dulrr
VP-ASP New User

57 Posts

Posted - July 06 2004 :  16:28:55  Show Profile  Visit Dulrr's Homepage  Reply with Quote
Progress report: Looks like you'll also need shopadmin.css, and either a copy of the include files (shop$db) or update all the links to 'em.

*Please hold while files upload*

Alright! Seems to be working. None of the pics (most notably the help buttons) display, but that's easily fixed... The help button pic is "vpasp_configquestion"

"shopadminheader" and "shopadmintrailer" should be copied over, and the shopheaders file updated accordingly...

A copy of "shoperror.asp" should also be moved...

And it seems that's all there is to it! I'm not sure if my site managing program updated links anywhere else when I moved the files over, but I think that was everything!

Note: going through the shopadmin pages I've noticed they're considerably slower right now. I'm guessing it's because the server has to recompile all the vbscript.

~D

[edit: July 7] Yup - admin pages are loading at the proper speed now, the slowness seems to have been the server having to generate the pages for the first time. The vpnav_reset and vpnav_search images were also missing. Now to mess around and admin a few things to see if everything still works in practice and not just in appearance... No problems anticipated, though.
[edit: July 7, again] Everything seems to be working just peachy-keen! I've mucked around with a few variables and all changes still applied properly.

Edited by - Dulrr on July 07 2004 09:14:15

Edited by - Dulrr on July 07 2004 09:48:23
Go to Top of Page

keng
VP-ASP New User

152 Posts

Posted - July 13 2004 :  22:31:14  Show Profile  Reply with Quote
Hi,

I tried exactly like what you said and it didn't work (Function wise). It broke my admin area. I'd appreciate if you can please put more input whatelse you did that made you successful from transferring them. Thanks!!! Much appreciated.

I Copied from old folder to new folder...
shoppa_ (files)
shopadmin1.asp
shopadmin.asp
ashopadmin.css
shop$db
shopadminheader
shopadmintrailer
shoperror.asp


Go to Top of Page

Dulrr
VP-ASP New User

57 Posts

Posted - July 14 2004 :  08:38:25  Show Profile  Visit Dulrr's Homepage  Reply with Quote
Will try! Dreamweaver had automatically updated several of the moved pages to maintain link integrity, so it might take a few moments of digging to find the exact places.

Do you have the actual error message handy? It would probably make backtracking just a little bit easier...

~D
Go to Top of Page

Dulrr
VP-ASP New User

57 Posts

Posted - July 14 2004 :  09:41:23  Show Profile  Visit Dulrr's Homepage  Reply with Quote
Well, during my coffee break this morning I ran a quick search and compiled a more complete list of the files that had been played with. Hope this helps!
___________________________________________________________

The following files had been moved. Additionally, I have included a list of the files which Dreamweaver modified links to to preserve site integrity. (A very highly recommended program, BTW - I can make mass movements, find code anywhere in the site, set up a test server locally to view pages before uploading 'em - and more!)

quote:
[renamed admin page]

all shopa_ files
---------------------------------------------------
Links to following include files had been updated:
shop$db
shopmdhash.asp
shop$language2.asp
shophash.asp
shopcountries.asp
shopformatorder.asp
shoptrackingorder.asp
shopformatordersupplier.asp
shopfileio.asp
shopmail.asp
shopreadfile.asp
shopmailformattemplate.asp
shopdateform.asp
shopsecuritycheck.asp

additionally:
shopa_confighelp and shopa_producthelp link to vpasp_top.gif
-------------------------------------------------------------------
shopadmin.css

shopadmin1.asp

shoperror.asp

shoplogo.gif

shopproductcheck.asp

vpasp_configquestion.gif
vpnav_continue.gif
vpnav_reset.gif
vpnav_search.gif


For you it would probably be easiest to simply copy over the included files instead of going through and updating each page - Including the numerous vpasp_top.gif buttons in the two help files (estimated at 50 of the search results) I got a list of "140 items found in 64 documents"!

If you're still having trouble and/or I missed something in my haste please let me know

~D
[edit] - Taking another look at the updated files, changes made to shopa_editdisplay were in error and should not have been made. They have been taken out of the list of changes above, hopefully avoiding confusion.

Edited by - Dulrr on July 16 2004 10:47:12
Go to Top of Page

jackbox
VP-ASP New User

United Kingdom
72 Posts

Posted - August 02 2004 :  01:27:40  Show Profile  Visit jackbox's Homepage  Reply with Quote
If your server has a policy which limits directory roaming outside of webspace, moving admin to https doesn't work as it won't upload images. Would be interested if anyone else has had that problem other than recoding chunks of the cart to pull images from https and putting all your images in there too, I couldn't find a solution.

Go to Top of Page

jackbox
VP-ASP New User

United Kingdom
72 Posts

Posted - August 05 2004 :  11:13:27  Show Profile  Visit jackbox's Homepage  Reply with Quote
Is it not possible to move the login page only to https (ssl) thereby offering better protection but for actual admin functionality, leave that in http and redirect to there following a succesful login? In otherwords, only the admin login is via https? I've been trying this but then have a session problem.

Go to Top of Page
  Previous Topic Topic Next Topic  
 New Topic  Reply to Topic
 Printer Friendly
Jump To:
Snitz Forums 2000