Admin folder authentication? 5 Months, 2 Weeks ago
Tom,
First off, thank you so much for creating such a powerful extension. This has been a cornerstone of our church's website.
I have our administrator folder password protected. Whenever someone accesses any of the biblestudy pages from the front-end, the page is requesting authentication into the administrator folder (prompting a log-in). If you hit 'cancel' enough, the front-end biblestudy page (sermons, or teachers list) loads fine.
How can I keep from getting these authentication requests into the admin folder? For security reasons, I don't want to remove the password protection from this folder.
I'm running Biblestudy 6.1.5 on a Joomla 1.5.15 install.
Thanks so much!
Re:Admin folder authentication? 5 Months, 2 Weeks ago
Glad you find the component useful!
Can you give me your site url so I can see this happening?
The only thing I can think of is that you have set the parameters for Bible Study to allow front end entry. You set this in the Administration tab of Biblestudy. See if that does it.
Tom
Tom
Administrator
Posts: 855
"You shall know the truth and the truth shall set you free." JC
Re:Admin folder authentication? 5 Months, 2 Weeks ago
Thanks for the quick reply.
Front-end submissions are disabled. The problem seems to be whenever you access the list views but not when you access the details views.
The website is in my profile here.
On the main menu bar, 'about us'->'staff' will take you to teacher's list and 'resources'->'sermons' will take you to lesson list. On the home page on the left under the church address and information, the first two links will take you to teacher details.
Thanks again!
Re:Admin folder authentication? 2 Months ago
Had the same issue. The problem stems from the fact that you have restricted access to the administrator folder through .htaccess, yet there are some files in BibleStudy in the list view that point to the administrator folder.
The solution was to:
1. Navigate to your sermon page
2. Cancel out of the Admin login
3. Check the page source code
4. Search for the word "administrator"
5. Notice the three or four files that are referenced
6. In your File Manager COPY (don't move) those files or folders from the "administrator/components/com_biblestudy" folder
7. Paste within the "components/com_biblestudy" folder
8. Change the links in the file "components/com_biblestudy/views/studieslist/view.html.php" to point to the new location
You're done!!!
Hope this helps!
Last Edit: 2010/05/29 18:29 By PastorJohnLeger.
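
Steps 3 to 5 of the post above (search the page source for "administrator"), as an added Python example that is not part of the original thread or of the component's code. It lists the files a page loads from the password-protected folder; the host name, page URL and file names in the sample are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample: host, page URL and file names below are made up.
PAGE_URL = "http://www.example.org/index.php?option=com_biblestudy&view=studieslist"
SAMPLE_PAGE = """
<html><head>
<link rel="stylesheet" href="/components/com_biblestudy/assets/site.css" />
<link rel="stylesheet" href="administrator/components/com_biblestudy/css/example.css" />
<script src="/administrator/components/com_biblestudy/js/example.js"></script>
</head><body>
<img src="http://www.example.org/administrator/components/com_biblestudy/images/example.png">
<img src="http://cdn.example.net/administrator/logo.png">
<a href="/administrator/">Site admin</a>
</body></html>
"""

class RefCollector(HTMLParser):
    """Collect (tag, url) for every URL-bearing attribute in the page."""
    URL_ATTRS = {"src", "href", "data"}

    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in self.URL_ATTRS and value:
                self.refs.append((tag, value))

def admin_references(html, page_url, protected="administrator"):
    """Return the same-host paths under the protected folder that the page loads."""
    collector = RefCollector()
    collector.feed(html)
    host = urlsplit(page_url).netloc
    hits = set()
    for tag, raw in collector.refs:
        if tag == "a":  # plain links are not fetched on page load, so no prompt
            continue
        parts = urlsplit(urljoin(page_url, raw))  # resolve relative references
        if parts.netloc != host:  # another host is not behind this .htaccess
            continue
        folders = [s.lower() for s in parts.path.split("/")[:-1]]
        if protected in folders:
            hits.add(parts.path)
    return sorted(hits)

if __name__ == "__main__":
    for path in admin_references(SAMPLE_PAGE, PAGE_URL):
        print(path)
```

Each path returned is a file the browser requests from the protected folder while rendering the page, which is what produces the login prompt described in this thread.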
Re:Admin folder authentication? 2 Months ago
I didn't realize some were restricting access to the administrator folder. I'll have to recheck some things because I think in our version 6.2 there are more files and classes on the administrator side used by the front end component.
Thanks for the find!
Tom
Re:Admin folder authentication? 1 Month, 4 Weeks ago
You are welcome!!!
Restricting access to the administrator folder via .htaccess places an additional layer of protection to keep hackers from hacking our site.
By the way, our site had been hacked about a month ago. When I checked the raw access logs it became quite clear that the hacker gained access via your BibleStudy component. The hacker used a "Directory Traversal" attack. If you don't know what that is I would suggest you do some research on the matter.
May I suggest that you consider emailing registered users when a security patch or a new release is available. It took me 12 hours to repair the four ministry sites I built and manage.
I have since installed OSE Anti-Hacker, which catches every "Directory Traversal" attempt and blocks and blacklists the IP address.
Thank YOU for this component.
Agape,
Pastor John Leger