28 May Accessing the Administrator Site
Yesterday I added a “.htaccess” file to the website’s /administrator directory. (If you need to, read about .htaccess files on Wikipedia.) This file blocks any access to the administrator “back-end” of the website except from an HTTP_REFERER URL of fearringtonfha.org. The link to the gateway code that checks this is visible beneath the “Admin” drop-down menu. The Admin drop-down menu is only visible on the website if the visitor is a) logged in and b) the login is a “special” login, i.e., has privileges as a Manager, Administrator, or Super User.
I made this change to combat attempts to log in from eastern Europe and Asia, which were coming in at a rate of up to 50,000 an hour. The new .htaccess blocks any access to the admin site except as noted above, and returns an HTTP error 403 for any other attempts at accessing this admin directory. This measure has stopped the presumed hackers cold.
If you need to access the administrator site, you will need to get there indirectly:
- Log in to the site’s front-end (https://www.fearringtonfha.org) with a “special” login.
- Under the Admin drop-down, click “Access Admin” and you should see the administrator login. Log in again and you’re in.
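
A sketch of the kind of .htaccess rule described above, added here as an example and not the site's actual file; it assumes Apache with mod_rewrite enabled and a front-end served over HTTPS from fearringtonfha.org or www.fearringtonfha.org. Because the Referer header is supplied by the client, a rule like this filters automated login traffic rather than authenticating anyone, so the administrator login behind it remains the access control.

```apache
# /administrator/.htaccess  (example; the directives below are an assumption
# about how such a Referer gate can be written, not the site's own rules)

# Deliberately NOT wrapped in <IfModule mod_rewrite.c>: if mod_rewrite is
# ever disabled, Apache answers 500 for this directory (fails closed)
# instead of silently skipping the block and serving the admin login.
RewriteEngine On

# Deny unless the Referer begins with the site's own origin.
#  - "^https://" and "(/|$)" anchor both ends of the host name, so a value
#    that merely contains "fearringtonfha.org" somewhere (as a path segment
#    or as the prefix of a longer host name) does not pass.
#  - A missing or empty Referer fails the match and is denied too.
#  - [NC] makes the host comparison case-insensitive.
RewriteCond %{HTTP_REFERER} !^https://(www\.)?fearringtonfha\.org(/|$) [NC]

# "-" means no substitution; [F] returns 403 Forbidden and stops processing.
RewriteRule ^ - [F]

# Operational notes:
#  - Requests made from inside the admin pages carry an /administrator/...
#    Referer on the same host, so navigation, scripts and stylesheets keep
#    working after the first hop from the front-end link.
#  - If the front-end sends "Referrer-Policy: no-referrer", browsers omit
#    the header and legitimate administrators receive the 403 as well.
#  - Bookmarks and typed URLs to /administrator send no Referer and are
#    refused, which is why access has to start from the front-end menu.
```

After deploying a rule of this kind, the 403 responses for /administrator in the access log show how much of the login traffic is being turned away before it reaches the login form.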