admin tools url secret word - OSTraining Support

Welcome, Guest

TOPIC: admin tools url secret word

admin tools url secret word 9 months 1 week ago #54346

scottshort
OFFLINE
OSTycoon
Posts: 234
Karma: 0

Hi all

I have following your excellent Security course and I have Admin Tools Pro on your recommendation. The first thing I did was add a secret url word to my development 2.5 site where Admin Tools is installed. Now I have a bizarre problem: For obvious reasons, I keep this dev site offline. As it is supposed to be, now if you attempt to access the "administrator" url you are kicked back to the home page. In my case, you should be presented with a login page. But with this change, it appears that you can bypass the login page and go directly to site, even with site set to offline. Can anyone comment or help with this? I would like to keep this secret word, but not if it opens my site to all those hackers who are trying to access my admin page!

Thanks
Scott

Please become a member of OSTraining to reply to this post.

admin tools url secret word 9 months 1 week ago #54354

Nick OFFLINE Administrator Posts: 16846 Thank you received: 394 Karma: 57	Hi Scott, Would you send me some login credentials to This email address is being protected from spambots. You need JavaScript enabled to view it. so I can take a quick look for you? Please include a link to this forum post in the email and then afterward reply to this forum post letting me know you sent the email so that I can check it. Kind regards, Nick
	Follow us on Twitter - twitter.com/OSTraining Like us on Facebook - facebook.com/ostraining Please become a member of OSTraining to reply to this post.

admin tools url secret word 9 months 1 week ago #54363

scottshort OFFLINE OSTycoon Posts: 234 Karma: 0	Hi Nick What level of login do you require? If site is "offline" would "registered" be enough or would you need higher access? Thanks Scott
	Please become a member of OSTraining to reply to this post.

admin tools url secret word 9 months 1 week ago #54365

Nick OFFLINE Administrator Posts: 16846 Thank you received: 394 Karma: 57	Hi Scott, Super User would be best. Kind regards, Nick
	Follow us on Twitter - twitter.com/OSTraining Like us on Facebook - facebook.com/ostraining Please become a member of OSTraining to reply to this post.

admin tools url secret word 9 months 1 week ago #54381

scottshort OFFLINE OSTycoon Posts: 234 Karma: 0	Hi Nick Having a strange problem. I can not create a user for you with permissions higher than registered. Anything higher gives me a 403 error. See pic. Any idea what is causing this? I just created a second super user yesterday without any problem. Regards Scott
	Please become a member of OSTraining to reply to this post.

admin tools url secret word 9 months 1 week ago #54385

Nick OFFLINE Administrator Posts: 16846 Thank you received: 394 Karma: 57	Hi Scott, Disable your Admin Tools system plugin and you'll likely be able to. Re-enable it afterward. Check your settings in Admin Tools Pro as there's likely a setting in there. Kind regards, Nick
	Follow us on Twitter - twitter.com/OSTraining Like us on Facebook - facebook.com/ostraining Please become a member of OSTraining to reply to this post.

admin tools url secret word 9 months 1 week ago #54390

jmc NOW ONLINE OSTop Dog Posts: 1385 Thank you received: 109 Karma: 8	Hi Check this Admin Tools >>Web Application Firewall >> Configure WAF Check that "Disable editing backend users' properties" is set to NO. Regards
	Mark Please become a member of OSTraining to reply to this post.

admin tools url secret word 9 months 1 week ago #54392

scottshort OFFLINE OSTycoon Posts: 234 Karma: 0	Thanks Mark, that did it! Nick please check your email from me: This email address is being protected from spambots. You need JavaScript enabled to view it. EDIT: CHECK 2ND EMAIL ALSO WITH URL WORD Thanks Scott
	Please become a member of OSTraining to reply to this post.

admin tools url secret word 9 months 4 days ago #54461

Nick OFFLINE Administrator Posts: 16846 Thank you received: 394 Karma: 57	Hi Scott, In your global configuration, "Site Offline" is set to No. If you change it to Yes, it appears that everything is working properly. Let me know if you spot any other issues. Kind regards, Nick
	Follow us on Twitter - twitter.com/OSTraining Like us on Facebook - facebook.com/ostraining Please become a member of OSTraining to reply to this post.

admin tools url secret word 9 months 4 days ago #54482

scottshort OFFLINE OSTycoon Posts: 234 Karma: 0	Hi Nick, Sorry for confusion, but I was convinced that site was set to offline as I always leave it offline. But now for some reason, the secret url word is not working. I can access backend directly by typing only "administrator". Is there another setting that activates this secret url that I am now overlooking? Thanks Scott
	Please become a member of OSTraining to reply to this post.

admin tools url secret word 9 months 4 days ago #54484

Nick OFFLINE Administrator Posts: 16846 Thank you received: 394 Karma: 57	Hi Scott, No problem! :) As to secret URL word, it's likely working, but you've recently entered it and therefore don't have to renter it again. I think if you log out, you would have to enter the secret word again. Kind regards, Nick
	Follow us on Twitter - twitter.com/OSTraining Like us on Facebook - facebook.com/ostraining Please become a member of OSTraining to reply to this post.

admin tools url secret word 9 months 4 days ago #54489

scottshort OFFLINE OSTycoon Posts: 234 Karma: 0	Correct again Nick! Thanks - got it figured out Regards Scott
	Please become a member of OSTraining to reply to this post.

admin tools url secret word 9 months 4 days ago #54492

Nick OFFLINE Administrator Posts: 16846 Thank you received: 394 Karma: 57	Great! You're welcome, Scott! :) Kind regards, Nick
	Follow us on Twitter - twitter.com/OSTraining Like us on Facebook - facebook.com/ostraining Please become a member of OSTraining to reply to this post.