
To prevent hacker security development recommendations

Open gesonchi opened this issue 6 years ago • 3 comments

The robots file exposes the /panel path.

In the system configuration, add a setting for the system background /panel path that limits which IPs may access it, to prevent insecurity.

  1. The /panel path can be bound to a secondary domain name; non-secondary domain names cannot access the /panel path.

  2. The /panel path: fill in the project settings for local access and a specified IP list.

  3. Database Tools restricted access: local access and a specified IP list.

gesonchi, Aug 30 '17 16:08

Hi,

Thanks for pointing to these issues.

> In the system configuration, add the system background /panel path to limit the entry of IP access.

Thanks. We already have this in our todo list, so it will be added soon. The robots file does not actually help if you already know it's Subrion. We highly recommend that all our customers change the default URL of the admin dashboard.

  1. Secondary domain name = subdomain? Well, I don't think we can implement this easily considering the current core architecture. Anyhow, the path to the admin panel can be easily changed.

  2. Yes, this will be added soon: whitelist IPs to access the admin panel.

  3. Database tools access can be disabled via the Permissions system. Anyhow, it does not make any sense, as the system allows you to modify literally anything if you have access to create PHP/Smarty blocks. Admins can embed the PHP code of adminer.php, for example, and it will work in a block.

Thanks

vbezruchkin, Sep 05 '17 06:09

Hi @vbezruchkin

For access to the administrator panel path, restrict by a whitelist of IPs.

Restrict IP access to the admin panel permissions page for IPs outside the whitelist.

At that point, IPs and users without permission should be redirected to the 404 page.

Is this more reasonable?

gesonchi, Sep 07 '17 06:09
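One way to implement the allowlist-plus-404 behaviour discussed above, as an added example that is not Subrion's own code. It assumes plain PHP included at the top of the admin front controller; the function names (`ipInCidr`, `isAdminIpAllowed`, `enforceAdminAllowlist`) and the sample allowlist are constructed for this example.

```php
<?php
// Added example (not Subrion code): IP allowlist check for the admin panel path.
// Entries may be single IPs or CIDR ranges, IPv4 or IPv6.

// Returns true when $ip falls inside $cidr (a bare IP is treated as /32 or /128).
function ipInCidr(string $ip, string $cidr): bool
{
    if (strpos($cidr, '/') === false) {
        $cidr .= (strpos($cidr, ':') !== false) ? '/128' : '/32';
    }
    [$subnet, $bits] = explode('/', $cidr, 2);
    $ipBin = inet_pton($ip);
    $subnetBin = inet_pton($subnet);
    // Reject unparsable addresses and IPv4/IPv6 mismatches.
    if ($ipBin === false || $subnetBin === false || strlen($ipBin) !== strlen($subnetBin)) {
        return false;
    }
    $bits = (int) $bits;
    $maxBits = strlen($ipBin) * 8;
    if ($bits < 0 || $bits > $maxBits) {
        return false;
    }
    // Compare whole prefix bytes first, then the remaining bits of the partial byte.
    $fullBytes = intdiv($bits, 8);
    $remBits = $bits % 8;
    if (substr($ipBin, 0, $fullBytes) !== substr($subnetBin, 0, $fullBytes)) {
        return false;
    }
    if ($remBits === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $remBits)) & 0xFF;
    return (ord($ipBin[$fullBytes]) & $mask) === (ord($subnetBin[$fullBytes]) & $mask);
}

// True when $remoteIp matches at least one allowlist entry.
function isAdminIpAllowed(string $remoteIp, array $allowlist): bool
{
    foreach ($allowlist as $entry) {
        if (ipInCidr($remoteIp, trim($entry))) {
            return true;
        }
    }
    return false;
}

// Deny with a plain 404 so an unlisted client cannot confirm the admin path exists.
function enforceAdminAllowlist(array $allowlist): void
{
    // Use the TCP peer address only: X-Forwarded-For is client-supplied and must not be
    // trusted here. If a reverse proxy sits in front, enforce the allowlist at the proxy.
    $remoteIp = $_SERVER['REMOTE_ADDR'] ?? '';
    if (!isAdminIpAllowed($remoteIp, $allowlist)) {
        error_log(sprintf('admin allowlist: denied %s for %s', $remoteIp, $_SERVER['REQUEST_URI'] ?? ''));
        http_response_code(404);
        header('Content-Type: text/html; charset=utf-8');
        echo '<h1>404 Not Found</h1>';
        exit;
    }
}

// Constructed configuration: local access plus one internal range, as in the thread.
$adminAllowlist = ['127.0.0.1', '::1', '192.168.1.2', '10.20.0.0/16'];

if (PHP_SAPI === 'cli') {
    // Command-line self-check of the matcher.
    var_dump(isAdminIpAllowed('10.20.5.9', $adminAllowlist));
    var_dump(isAdminIpAllowed('203.0.113.7', $adminAllowlist));
} else {
    enforceAdminAllowlist($adminAllowlist);
}
```

Two caveats worth keeping in mind when adopting this: a `127.0.0.1` entry admits anything running on the same host, including a local reverse proxy, in which case `REMOTE_ADDR` is always the proxy's address and the restriction has to live in the proxy configuration instead; and the allowlist protects only the admin path, so the maintainer's point that PHP/Smarty block permissions grant equivalent power still applies.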

Administrator background security design:

Added to the system settings.

  1. WAN access settings

     URL list type. Blacklist: addresses configured in the blacklist are not allowed access. Whitelist: only addresses in the whitelist are allowed access.

     If you set a whitelist of 127.0.0.1, 192.168.1.2, or localhost to access the background, other addresses cannot access the background.

  2. MAC filter settings

     Blacklist and whitelist MAC addresses to limit illegal access by users.

  3. Custom address for the management console

     Should be designed to bind a secondary or primary domain name, and access the administrator panel page through that secondary or primary domain name.

  4. Turn on the verification code and login question functions of the login page

     The administrator login page, and the general front-end user login page, should let you turn the verification code and login questions on or off. You can customize the questions; only the correct answer allows logging in.

gesonchi, Sep 07 '17 06:09