Results 1 to 3 of 3

Thread: Control Panel only accessible by single IP

  1. #1
    garfish's Avatar
    garfish is offline I'm Not Sure.
    Join Date
    May 2009
    Posts
    848
    Blog Entries
    12
    Thanks
    155
    Thanked 57 Times in 54 Posts

    Control Panel only accessible by single IP

    My blog was compromised 3 days ago. The guy probably deleted or maybe took my database and then installed a new one which is completely empty. I have no idea how they got inside. So maybe if there is a way I can limit which IP can access my cpanel.

    I know I can make a single IP access a dashboard through htaccess, but this time I'm gonna try cpanel, is this possible?

  2. #2
    hamsta's Avatar
    hamsta is offline Unknown Net Builder
    Join Date
    Mar 2013
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Sorry to here that garfish. Take a look at this tutorial -
    Code:
    http://www.siteground.com/tutorials/cpanel/ip_deny_manager.htm

  3. #3
    TopDogger's Avatar
    TopDogger is online now Über Hund
    Join Date
    Jan 2009
    Location
    Hellfire, AZ
    Posts
    3,078
    Thanks
    347
    Thanked 913 Times in 697 Posts
    I don't think that tutorial will help you to block users from hacking the control panel. It is used to prevent certain user IPs from accessing your site. You probably cannot block access to the control panel unless you have root access to your server. Have you asked your hosting company for a solution? The directories that you need to block are dependent upon your server configuration and very likely require root access in order to block them.

    Here is a method commonly used to prevent hackers from accessing the WordPress admin area. Scroll down to the section that is titled, "Apache .htaccess when you have a static IP." If you have access to the control panel directory, you can use that method to block access to all IPs except your own.

    http://www.linuxforu.com/2012/04/how...-socks5-proxy/

    Here is the code to use with the .htaccess file. You will need to place it in the control panel and probably also in the phpMyAdmin directory. Substitute your IP for the xx.xx.xx.xx. This only works if your ISP assigns you a static IP that never changes. Be careful with this. You will lock yourself out if your IP changes. Check with tech support at your hosting company to see if this will work with your sever configuration.

    Code:
    Order Deny,Allow
    Deny from all
    Allow from xx.xx.xx.xx

    If the database is empty, they probably hacked phpMyAdmin. I see hundreds of hack attempts against my sites every month where bots are trying to determine the location of phpMyAdmin. Check your error 404 report and you will see lots of attempts to find that location.

    It sounds like you need to use a more complex password. If they broke in, it was probably because they hacked the password.

    I hope you had a database backup.
    "Democracy is two wolves and a lamb voting on what to have for lunch. Liberty is a well-armed lamb contesting the vote." -- Benjamin Franklin


Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •