Magento Forum

A Kind Reminder On Usernames
 
elfling
Enthusiast
 
Total Posts:  901
Joined:  2008-10-21
 

Would just like to remind all those setting up a new store

IP: 37.9.53.71

This IP address attempted to log in to the administration using user credential admin 537 times in the space of 4 minutes.

I don’t set up stores with a user admin or administrator or anything else that would be considered a general term.

Putting no follow /administrator into the robots.txt file is also giving them easy access to the admin login page.

Putting rel noindex, nofollow tags into the login.phtml file is the best way to stop the page appearing in search engines and someone just looking at the robots.txt file.

You will also need to set up the admin with a unique URL.

On a secondary note:
When using blogging / news modules or any other module that posts to the front end and gives the username of who it was posted by, make sure you either remove the username from the template or hopefully there is the option to set a pseudo name when writing the post.

Let’s make it as hard as possible for these suckers.

Developers, stop leaving your .tar.gz files open for everyone to see! 

A quick Google search revealed to me straight database access to many websites if you download the .tar.gz files and look at the login details.
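A detection sketch for the pattern reported in the post above (one IP, hundreds of admin login attempts within a few minutes), added here as an example and not part of the original thread: it counts POSTs to the admin login path per client IP in a sliding window. The combined log format, the `/index.php/admin` path and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined-log-format line (assumed): client IP, timestamp, method, path.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def find_bruteforce(lines, login_prefix, threshold, window):
    """Return {ip: peak POST count to login_prefix inside any `window`}
    for every IP whose peak reaches `threshold`. Lines are assumed to be
    in chronological order per IP, as in a normal access log."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peak = defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or not m["path"].startswith(login_prefix):
            continue  # unparsable lines and non-login traffic are ignored
        ts = datetime.strptime(m["ts"], TS_FMT)
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:   # drop attempts older than the window
            q.popleft()
        peak[m["ip"]] = max(peak[m["ip"]], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}

def _sample_log():
    """Constructed sample: one noisy client, one normal admin user."""
    start = datetime.strptime("22/Nov/2012:05:00:00 +0000", TS_FMT)
    fmt = '{ip} - - [{ts}] "POST /index.php/admin/ HTTP/1.1" 200 512 "-" "-"'
    out = []
    for i in range(40):  # 40 login POSTs, 3 s apart, from 203.0.113.5
        ts = (start + timedelta(seconds=3 * i)).strftime(TS_FMT)
        out.append(fmt.format(ip="203.0.113.5", ts=ts))
    for i in range(3):   # 3 login POSTs, 10 min apart, from 198.51.100.7
        ts = (start + timedelta(minutes=10 * i)).strftime(TS_FMT)
        out.append(fmt.format(ip="198.51.100.7", ts=ts))
    out.append('203.0.113.9 - - [22/Nov/2012:05:00:01 +0000] '
               '"GET /robots.txt HTTP/1.1" 200 80 "-" "-"')
    return out

SAMPLE = _sample_log()

if __name__ == "__main__":
    hits = find_bruteforce(SAMPLE, "/index.php/admin", 20, timedelta(minutes=4))
    for ip, n in hits.items():
        print(f"{ip}: {n} admin login POSTs within 4 minutes")
```

The threshold and window are tuning parameters; the result can feed an alert or a firewall block list.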

 
 
TRMMarketing
Sr. Member
 
Total Posts:  145
Joined:  2009-11-29
 
elfling - 22 November 2012 05:43 AM

Developers, stop leaving your .tar.gz files open for everyone to see! 

A quick Google search revealed to me straight database access to many websites if you download the .tar.gz files and look at the login details.

I concur. Many times when we begin consulting on a project we find previous developers/store owners keep their website backups in the website’s root directory, not a good practice.

 
 
Magento Lab
Sr. Member
 
Total Posts:  77
Joined:  2010-11-09
Paris
 

Interesting, thanks for sharing this!

 