Home > Other Systems (CPVLab, iMobiTrax, P202, Track Revenue, Click, Google Analytics, etc.) > Normal Prosper202

Securing Prosper202 with an extra password (Htaccess) (11)

02-08-2012 05:36 AM #1 julien (Member)
Securing Prosper202 with an extra password (Htaccess)

Hi,

I was looking for a way to secure Prosper202.
I used these techniques in the past but the post has disappeared: http://masterlesssamurai.com/ppc/tip...-installation/

I have get back the Htaccess that I found 2 years ago on masterlesssamurai.com.

So, in order to prevent bruteforce or guys trying to enter in your Prosper202 installation, you can use what's following.

I didn't want to allow access to my Prosper202 for a certain IP address only, because my IP address is dynamic and I use several PC at different places.

I prefer to block 202-login.php with the following Htaccess:

1/ Create a file named .htaccess

<Files 202-login.php>
AuthUserFile /home/www/YOURDOMAIN/.htpasswd
AuthGroupFile /dev/null
AuthName "Enter ID and password"
AuthType Basic
require valid-user
</Files>

You need to find the correct path for the line /home/www/YOURDOMAIN/.htpasswd.
I use phpinfo() for that.

2/ Create a file named .htpasswd
yourlogin:yourpassword

I use this tool for having the correct syntax:
http://www.htaccesseditor.com/en.shtml#a_basic

It should be something like:
login:J2CBzdA5UdPvI

3/ Upload at the same place where 202-login.php is located.


This technique allow you to run your Prosper202 everywhere, with an extra security.
Correct me if I'm wrong but this doesn't affect the redirection.
It just protects your login panel.

Please don't ask technical questions, I won't be able to answer.
I just know I used this and it worked like a charm

02-08-2012 06:43 AM #2 hd2010 (Member)

if you secure using htaccess, how are the traffic going through ? needed to key in password for each time ?

02-08-2012 07:24 AM #3 julien (Member)

Of course not
You're securing the administration panel, not the redirect files

That's why the line <Files 202-login.php> is very important.
You're telling your server to apply this password ONLY to 202-login.php.

I'm using this system for 2 years now, without any problem.

02-08-2012 08:39 AM #4 manutv (Member)

Thanks for the tip!

Some guy has been trying to hack into my prosper for a while now lol...there was a post somewhere in the forum about hiding the login page but I couldn't find it. Perfect timing

02-08-2012 08:48 AM #5 julien (Member)

I'm glad to help lifetweak.
In 2 years, I have never seen any other login attempt than mine

02-08-2012 10:38 AM #6 hd2010 (Member)

remember to change the password often and store the password some where safe

02-08-2012 02:18 PM #7 polarbacon (Moderator)

also rename the login.php to something else....

thats one of the best ways to avoid hacks as there are bots out there that all they do is look for pages that are login.php and try to hack in....

02-08-2012 05:30 PM #8 hd2010 (Member)

those idiot bots look out for setup.php, install.php, just go through your web server log you will know

02-08-2012 05:36 PM #9 sm1810 (Member)

^ speaking of which this is the very first thing you should also do on cpvlab change the /cpvlab/login.php to something else.. having a different directory so it's not domain/cpvlab/login.php also helps

02-08-2012 05:39 PM #10 hd2010 (Member)

i rather use a subdomain which point to a subfolder, somecoolsubdomain.domain.com/login.php.... at least shorter url and easy to type and remember

02-08-2012 07:09 PM #11 julien (Member)

Quote Originally Posted by polarbacon View Post
also rename the login.php to something else....

thats one of the best ways to avoid hacks as there are bots out there that all they do is look for pages that are login.php and try to hack in....
Thank you, it's very easy to do, I have just renamed 202-login.php and modified the redirection in index.php and that's it.
It's a great tip

Home > Other Systems (CPVLab, iMobiTrax, P202, Track Revenue, Click, Google Analytics, etc.) > Normal Prosper202