There are dynamic IPs.... so, it is better in the htaccess.ADD Creative wrote: ↑Mon Apr 04, 2022 6:11 pmThey both do the same thing. It is probably more efficient to do the same in htaccess. That was the server doesn't have to start a PHP process.
viewtopic.php?f=179&t=225771&start=20#p836216
If the IP addresses you access the admin from doesn't change it is best to add an allow list and ban all others.
Code: Select all
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{QUERY_STRING} ^$
RewriteRule ^admin/.*$ - [F] Can you explain in more detail?thanos74 wrote: ↑Tue Apr 05, 2022 7:15 pmI set the in htaccess:I see login attempts at https://mail.example.com/adminCode: Select all
RewriteCond %{REQUEST_METHOD} POST RewriteCond %{QUERY_STRING} ^$ RewriteRule ^admin/.*$ - [F]
It's not unusual for bots to try a range to locations. What the result is depends on how your server is set up.thanos74 wrote: ↑Tue Apr 05, 2022 7:54 pmAttackers tried from subdomain mail to /admin
https://mail.example.com/admin
This suggestion will work for static IPs.websiteworld wrote: ↑Fri May 06, 2022 7:46 amWe restrict access to the /admin/ folder by permitted IP addresses. Solves the problem entirely and is a good overall practice.
DISCLAIMER:
You should not modify core files .. if you would like to donate a cup of coffee I will write it in a modification for you.
Spinning Social : Links : Menus : Payments : Socials : Ads : Screen Backgrounds : Galleries : Headers : Banners : Promos
Users browsing this forum: No registered users and 2 guests
