To prevent hacker security development recommendations
The robots file exposes the /panel path.
In the system configuration, add the system backend /panel path to limit which IPs may access it, to prevent insecurity.
1 / The /panel path can be bound to a secondary domain name; the /panel path cannot be accessed from a non-secondary domain name.
2 / The /panel path can be filled in on the project: local access, specify IP list.
3 / Database tools restricted access: local access, specify IP list.
Hi,
Thanks for pointing to these issues.
In the system configuration, add the system backend /panel path to limit which IPs may access it.
Thanks. We already have this in our todo list, so it will be added soon. The robots file does not actually help if you already know it's Subrion. We highly recommend that all our customers change the default URL of the admin dashboard.
-
Secondary domain name = subdomain? Well, I don't think we can implement this easily considering the current core architecture. Anyhow, the path to the admin panel can be easily changed.
-
Yes, this will be added soon: whitelist IPs to access the admin panel.
-
Database tools access can be disabled via the Permissions system. Anyhow, it does not make any sense, as the system allows you to modify literally anything if you have access to create PHP/Smarty blocks. Admins can embed the PHP code of adminer.php, for example, and it will work in a block.
Thanks
Hi @vbezruchkin
For access to the administrator panel path, restrict it with a whitelist of IPs.
Restrict IP access outside the whitelist on the admin panel permissions page.
IPs and users without permission should then be redirected to the 404 page.
Is this more reasonable?
Administrator backend security design:
Added to the system settings.
1 WAN access settings
URL list type. Blacklist: addresses configured in the blacklist are not allowed to access. Whitelist: only addresses in the whitelist are allowed to access.
If you set a whitelist of 127.0.0.1, 192.168.1.2 or localhost to access the backend, other addresses cannot access the backend.
2 MAC filter settings:
Blacklist and whitelist MAC addresses to limit illegal user access.
3 Custom address for the management console
Should be designed to bind a secondary or primary domain name, and access the administrator panel page through that secondary or primary domain name.
4 Enable the captcha and login question on the login page
The administrator login page, and the general front-end user login page, should allow you to turn the captcha and login questions on or off. The question can be customized; logging in requires the correct answer.
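As an added illustration of the allowlist/blocklist check requested in both posts above (this is example code, not Subrion's own and not written by either participant), the function below decides the HTTP status for a request to the admin path. The path prefix `/panel`, the list entries and the `allowlist`/`blocklist` mode names are constructed for the example; `localhost` is treated as the loopback ranges, IPv4-mapped IPv6 addresses are normalised, and a denied request gets 404 rather than 403, matching the suggestion that unauthorised IPs be sent to the 404 page so the path is not confirmed to exist.

```python
import ipaddress

# Constructed sample values: the admin path and an allowlist in the shape the
# issue describes (loopback, one LAN host, "localhost", one private range).
ADMIN_PATH_PREFIX = "/panel"
ALLOWLIST = ["127.0.0.1", "192.168.1.2", "localhost", "10.0.0.0/8"]


def _parse_entry(entry):
    """Turn one list entry (single IP or CIDR) into ip_network objects.
    'localhost' is mapped to the IPv4 and IPv6 loopback ranges (an assumption
    made for this example, since the entry is not an address)."""
    entry = entry.strip()
    if entry.lower() == "localhost":
        return [ipaddress.ip_network("127.0.0.0/8"),
                ipaddress.ip_network("::1/128")]
    # strict=False lets "192.168.1.2" stand for the /32 host network
    return [ipaddress.ip_network(entry, strict=False)]


def compile_list(entries):
    """Parse the whole configured list once; invalid entries raise ValueError
    at configuration time rather than silently matching nothing."""
    nets = []
    for entry in entries:
        nets.extend(_parse_entry(entry))
    return nets


def normalise_client_ip(client_ip):
    """Parse the peer address; an IPv4-mapped IPv6 address such as
    ::ffff:192.168.1.2 is compared as its IPv4 form so a v4 allowlist
    still matches on a dual-stack listener."""
    addr = ipaddress.ip_address(client_ip)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def ip_in_list(client_ip, nets):
    addr = normalise_client_ip(client_ip)
    # 'in' is False across IP versions, so v4/v6 entries can be mixed freely
    return any(addr in net for net in nets)


def is_admin_path(path):
    """Match /panel and anything under it, but not e.g. /panelx."""
    return path == ADMIN_PATH_PREFIX or path.startswith(ADMIN_PATH_PREFIX + "/")


def admin_request_status(path, client_ip, mode, entries):
    """Return the HTTP status a front controller should answer with.

    client_ip must be the TCP peer address (REMOTE_ADDR), not a value taken
    from X-Forwarded-For, unless the request provably came from a trusted
    reverse proxy; otherwise the list is trivially bypassed by a header.
    mode is 'allowlist' (only listed IPs pass) or 'blocklist' (listed IPs fail).
    """
    if not is_admin_path(path):
        return 200  # public pages are never affected by the admin filter
    if mode not in ("allowlist", "blocklist"):
        raise ValueError("mode must be 'allowlist' or 'blocklist'")
    listed = ip_in_list(client_ip, compile_list(entries))
    allowed = listed if mode == "allowlist" else not listed
    # 404, not 403: a denied client learns nothing about whether /panel exists
    return 200 if allowed else 404


if __name__ == "__main__":
    for ip in ("127.0.0.1", "203.0.113.5", "::ffff:192.168.1.2"):
        print(ip, admin_request_status("/panel/login", ip, "allowlist", ALLOWLIST))
```

The check belongs in the front controller before any admin routing runs, so that even a correct admin password from an unlisted address never reaches the login handler; the later MAC-filter idea cannot be implemented at this layer, since a web server only sees the IP of the last hop.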