Posted on Thursday 08-02-2007 03:41 by zulkiply
Web Design

Recently, I wrote a guide on how to modify the PHPNuke captcha, and it has resulted in a flurry of comments and queries requesting me to write a guide on "how to change admin.php?"

This article is not intended to teach you how to hack into PHPNuke but how to secure it properly. Since most hackers target this critical file to achieve their mission, you have to camouflage the file and secure it properly.

Read the rest of this article for some ideas on how to secure your PHPNuke against hackers...

Even during the installation phase of PHPNuke, we are told to change admin.php. Here are a few lines found at the top of config.php:

# $admin_file: Administration panel filename. "admin" by default for
# "admin.php". To improve security please rename the file
# "admin.php" and change the $admin_file value to the
# new filename (without the extension .php)

That's it! But how many of us have changed it?
Let us start.

1) Open your config.php, which is in the root (if you have not moved it elsewhere).
Then find this line:

$admin_file = "admin";

Change it to something else, whatever name you want your admin file to have (only you should know it), for example:

$admin_file = "hibiscus";

Note: (without the extension .php)

Save this config.php file.

2) Now make a copy of admin.php and rename the copy as hibiscus.php. Move the original admin.php somewhere else (you may need it back if something goes wrong while following the process here).

3) This step involves some rows in your database. Go to your MySQL, find your database and modify it to fit your needs. For example, run this SQL query (don't forget to change hibiscus.php to the name you chose in step 1):

DELETE from nuke_blocks where bid=2 and bkey='admin';

INSERT INTO nuke_blocks VALUES (2, 'admin', 'Administration', '<strong><big>&middot;</big></strong>
<a href="hibiscus.php">Administration</a><br>\r\n<strong><big>&middot;</big></strong>
<a href="hibiscus.php?op=adminStory">NEW Story</a><br>\r\n<strong><big>&middot;</big></strong>
<a href="hibiscus.php?op=create">Change Survey</a><br>\r\n<strong><big>&middot;</big></strong>
<a href="hibiscus.php?op=content">Content</a><br>\r\n<strong><big>&middot;</big></strong>
<a href="hibiscus.php?op=logout">Logout</a>', '', 'l', 2, 1, 0, '985591188', '', '', 2, '0', 'd', 0);

4) Done? Not yet. Now go to your nuke/admin folder. There are many files in each subfolder. Let's go through them one by one together.

a) Begin with the nuke/admin/case subfolder.
Open one file in this subfolder, named case_authors.php.
Find the line:

if (!eregi("admin.php", $_SERVER['PHP_SELF'])) { die ("Access Denied"); }

Since you have renamed the file to hibiscus.php, the statement should now be changed to:
if (!eregi("hibiscus.php", $_SERVER['PHP_SELF'])) { die ("Access Denied"); }

Save it.

Do the same to all files in this subfolder.

But sometimes you may encounter a different statement there, like:

if ( !defined('ADMIN_FILE') )
die("Illegal File Access");

If so, leave it as it is.

b) Now go to the nuke/admin/links subfolder.

Open one of the files there, such as links_blocks.php, and find these lines:

if (!eregi("admin.php", $_SERVER['PHP_SELF'])) { die ("Access Denied"); }
if ($radminsuper==1) {
adminmenu("admin.php?op=BlocksAdmin", ""._BLOCKS."", "blocks.gif");

You know what to do now: change admin.php to hibiscus.php.

As usual, do the same to every file in the subfolder.

c) Go to nuke/admin/modules.

Open one of the files there, such as authors.php, and hunt for this line:

if (!eregi("admin.php", $_SERVER['PHP_SELF'])) { die ("Access Denied"); }

Change admin.php to the name you have chosen.

Do the same to all files in this subfolder.

Take note that you may have installed several modules and that those modules have created sub-subfolders in admin/modules. So go through every file there to find whether changes need to be made: hunt for the admin.php statement.

5) Then go to modules/_module_name/admin.

Take one subfolder, for instance nuke/modules/Reviews/admin, and open one of the files, say index.php.
There again you will find this statement:

if (!eregi("admin.php", $_SERVER['PHP_SELF'])) { die ("Access Denied"); }

Change the "admin.php" name.

Do it to every file there and in every admin subfolder in nuke/modules.
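
The file-by-file hunt in steps 4 and 5 is easy to leave incomplete, so here is an added example (not part of the original article and not PHP-Nuke code) that lists every leftover admin.php reference under admin/ and modules/*/admin and can rewrite them. The function names and the constructed sample tree are assumptions made for the illustration; files guarded only by ADMIN_FILE are left alone because they never mention the file name. Run it against a copy of the site first.

```python
import re
import tempfile
from pathlib import Path

# The literal file name; \b leaves names such as "useradmin.php" untouched.
OLD_NAME = re.compile(rb"\badmin\.php\b")

def admin_php_files(root):
    """Yield every .php file under admin/ and modules/*/admin (steps 4 and 5)."""
    root = Path(root)
    for folder in [root / "admin", *sorted(root.glob("modules/*/admin"))]:
        if folder.is_dir():
            yield from sorted(folder.rglob("*.php"))

def find_stale_refs(root):
    """Return (relative path, line number, line) for each leftover admin.php."""
    hits = []
    for php in admin_php_files(root):
        rel = php.relative_to(root).as_posix()
        for no, line in enumerate(php.read_bytes().splitlines(), 1):
            if OLD_NAME.search(line):
                hits.append((rel, no, line.decode("latin-1").strip()))
    return hits

def rename_refs(root, new_file):
    """Replace admin.php with new_file in place; return the files changed."""
    changed = sorted({rel for rel, _, _ in find_stale_refs(root)})
    for rel in changed:
        php = Path(root) / rel
        php.write_bytes(OLD_NAME.sub(lambda m: new_file.encode(), php.read_bytes()))
    return changed

def build_sample_tree(root):
    """Constructed sample files shaped like the guards quoted in the article."""
    guard = b'if (!eregi("admin.php", $_SERVER[\'PHP_SELF\'])) { die ("Access Denied"); }\r\n'
    menu = b'adminmenu("admin.php?op=BlocksAdmin", ""._BLOCKS."", "blocks.gif");\r\n'
    files = {"admin/case/case_authors.php": guard,
             "admin/links/links_blocks.php": guard + menu,
             "admin/modules/authors.php": b"if ( !defined('ADMIN_FILE') )\r\n",
             "modules/Reviews/admin/index.php": guard}
    for rel, body in files.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"<?php\r\n" + body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(find_stale_refs(tmp), rename_refs(tmp, "hibiscus.php"))
```

An empty result from find_stale_refs after the rewrite means no admin folder still names the old file.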

6) Everything should now be intact and working.

Now try to bring up your new admin file and log in.

Can you log in, and did you successfully get into your admin panel?


a) Never disclose the name of your new file in your nuke, especially on the front page. If there is a link to admin.php in your menu, remove it OR make a fake admin.php file that traps those calling admin.php by gathering their details and storing them in a log file so that you can ban them.

For example, you can gather the IP, referer, browser etc. and keep them in a log.html file. This is a fake admin.php:

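<?php
//Set the date so we can store it in the log file.
$tdate = date("dS F Y h:i:s A");

//Collect the visitor's details. The browser string and the request URI are
//controlled by the visitor, so escape them before writing them into an HTML file.
$ip = htmlspecialchars(getenv("REMOTE_ADDR"), ENT_QUOTES);
$browser = htmlspecialchars(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "-", ENT_QUOTES);
$page = htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES);

//Store it in the log.html file ! DON'T FORGET TO SET LOG.HTML CHMOD 777 !
//(777 is the widest setting; write access for the web server user alone is enough.)
$fp = fopen("log.html", "a");
$line = "$tdate | IP: $ip | Browser:$browser | Page: $page\n";
fwrite($fp, $line);
fclose($fp);
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<title>Oops! You are not authorised to view this page</title>

<h3>You do not have permission to access this page/directory. [error 401]</h3>

<p>... Get out from here!</p>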



You can always open your log.html file to see who is trying
to hack your site via the admin.php file.
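
Reading log.html by eye stops scaling after a few days, so here is an added example (not part of the original article) that parses the trap's line layout and counts requests per IP to produce a ban shortlist. The function names, the min_hits threshold and the sample log lines are assumptions made for the illustration.

```python
import html
import ipaddress
import re
from collections import Counter

# Line layout written by the trap page:
#   <date> | IP: <ip> | Browser:<user agent> | Page: <request uri>
# Browser is matched greedily, so a " | " inside the User-Agent cannot shift fields.
LINE = re.compile(
    r"^(?P<when>.*?) \| IP: (?P<ip>\S+) \| Browser:(?P<agent>.*) \| Page: (?P<page>.*)$"
)

# Constructed sample log (documentation-range addresses), not real traffic.
SAMPLE_LOG = """\
08th February 2007 03:41:07 AM | IP: 192.0.2.10 | Browser:Mozilla/4.0 (compatible; MSIE 6.0) | Page: /admin.php
08th February 2007 03:41:09 AM | IP: 192.0.2.10 | Browser:Mozilla/4.0 (compatible; MSIE 6.0) | Page: /admin.php?op=mod_authors
08th February 2007 03:42:30 AM | IP: 198.51.100.7 | Browser:probe | v1 | Page: /admin.php
08th February 2007 03:43:02 AM | IP: 192.0.2.10 | Browser:Mozilla/4.0 (compatible; MSIE 6.0) | Page: /admin.php?op=a&amp;b=1
truncated line without fields
"""

def parse_trap_log(text):
    """Split the log into parsed entries and lines that do not fit the layout."""
    entries, rejected = [], []
    for raw in text.splitlines():
        match = LINE.match(raw)
        try:
            # Only accept a syntactically valid address as a ban key.
            ipaddress.ip_address(match["ip"] if match else "")
        except ValueError:
            if raw.strip():
                rejected.append(raw)
            continue
        # Fields may be HTML-escaped if the trap escapes before writing.
        entries.append({k: html.unescape(v.strip()) for k, v in match.groupdict().items()})
    return entries, rejected

def ban_candidates(entries, min_hits=3):
    """Return (ip, hits) pairs with at least min_hits requests, busiest first."""
    counts = Counter(entry["ip"] for entry in entries)
    return [(ip, hits) for ip, hits in counts.most_common() if hits >= min_hits]

if __name__ == "__main__":
    entries, rejected = parse_trap_log(SAMPLE_LOG)
    print(ban_candidates(entries), f"{len(rejected)} unparsed line(s)")
```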

8) FINALLY, it is good practice to put your config.php file outside the
web server path; then you can create a new config.php with the line:

<?php include("../config.php"); ?>
