Tutorial

How to secure, protect, and prevent unauthorized access to Dolphin 6x, 6.1x, and 7x administration panel.

One of the major drawbacks of just about any script is that anyone can navigate to your administration area. Once there, anyone can attempt to guess your administration panel username and password. In Dolphin 7's case it is very easy to figure out the administrator username by simply browsing around the site first, so generally all one has to do is figure out the password.

You might use a very difficult or hard to guess password. This will obviously help. Unless you have a very popular site, or really tick someone off, you probably don't have to worry too much, but you never know.

There are scripts out there that try every possible password combination until they find the right one. Since it is easy enough to find the admin username, they really only need to run a script against passwords.

I wish dolphin would automatically block someone after 5 unsuccessful login attempts for a specific period of time, but it doesn't. Anyone can keep trying as long as they want with no restrictions.

So one of the best ways to prevent unauthorized access is to block all IP addresses from your Dolphin admin panel login page, except for your own IP address.

This is extremely simple to set up, and works great. Not only for dolphin, but for any other script out there. Any time there is an administration area login page it should be locked down and accessible only by you.

Most people have some kind of broadband internet now. Your internet provider assigns you an ip address for a specific period of time. Usually you keep the same ip address for several months to a year maybe. If you have a static ip address it will never change.

If your internet provider assigns you a new ip address each time you log on, then this might not work for you because your ip address would change frequently.

But, you really should consider locking your dolphin administration panel area down to help prevent unauthorized access, hacks, etc. if you can.

All you need to do is determine your ip address and make a simple change to your admin folder/directory .htaccess file.

There really isn't much to this, but just in case, you might want to download and backup your administration .htaccess file to your local PC.

First....

For Dolphin 6x/6.1x download and backup:
http://www.yoursite.com/admin/.htaccess

For Dolphin 7x download and backup:
http://www.yoursite.com/administration/.htaccess


Now....

You want to find your ip address. If you do not know what it is, go to this site:
http://www.whatismyip.com/

Or this one:
http://whatismyipaddress.com/

After you go there, in the center of the screen near the top it will say something like: "Your IP Address Is: 216.127.72.7"


Once you know your IP address, you can make the change. In this example I will use 216.127.72.7 as my IP address.

Now you want to open the .htaccess file with your favorite text editor or your host's file manager editor.

Dolphin 7 /administration/.htaccess will look like this:


<IfModule mod_rewrite.c>
RewriteEngine off
</IfModule>


We will add just below </IfModule> the following:

<Files *>
order deny,allow
deny from all
allow from 216.127.72.7
</Files>


So it will look like:


<IfModule mod_rewrite.c>
RewriteEngine off
</IfModule>

<Files *>
order deny,allow
deny from all
allow from 216.127.72.7
</Files>


Then save the changes back to your host.




To test this, you can temporarily comment out your IP address by putting a # in front of the allow line. In this case, the commented-out line would look like:

#allow from 216.127.72.7


So it looks like:


<IfModule mod_rewrite.c>
RewriteEngine off
</IfModule>

<Files *>
order deny,allow
deny from all
#allow from 216.127.72.7
</Files>



It will then block or deny all access to your Dolphin Administration Panel area including you.

You just want to do this temporarily to make sure it is actually working.

Once you have commented your ip address out, navigate to your Dolphin Administration Panel login area.

Dolphin 7:
http://www.yoursite.com/administration

Dolphin 6x/6.1x:
http://www.yoursite.com/admin

If it is working you should see a white page or an access denied error or similar. If you are unable to access your Dolphin Administration area and/or get this error page then you know it is working.

Now you just want to remove the comment (#) symbol for your ip address so only your ip address will be allowed to access your admin panel.

Remove the comment (#) and save the changes back to your hosting account.

Navigate back to your admin area and you should be able to login again now.

Note:
This will affect only HTTP web traffic. It will not affect FTP or other traffic, so you will still be able to change the .htaccess at any time by FTP, or through your host's control panel, file manager, etc.

  • So don't be concerned about blocking yourself while testing.




You can also allow more than just the one ip address 216.127.72.7 if you access your dolphin site from some other location or ip address. For example, maybe you want to log into your dolphin admin panel from work. If so you can add both your home ip address and work ip address if necessary such as:


<IfModule mod_rewrite.c>
RewriteEngine off
</IfModule>

<Files *>
order deny,allow
deny from all
allow from 216.127.72.7
allow from 127.216.7.72
</Files>



Note:
When your IP address changes, you will be denied access from that point on.

Simply edit: /administration/.htaccess (Dolphin 7x) or /admin/.htaccess (Dolphin 6x/6.1x) and update the allow from 216.127.72.7 with your new IP address.


Additionally:
If you have someone working on your Dolphin web site or if you have another administrator that you allow access to your administration panel you would need to add allow from their ip address as well.

This is something that you really should think about adding to help secure your Dolphin web site, or any other site you administer or maintain.
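
The order / deny / allow directives used above are the Apache 2.2 access-control syntax; on Apache 2.4 they only work while mod_access_compat is loaded, and the native form is Require ip. The following is an added example, not part of the original tutorial, that writes the same allow list so it works on either version, reusing the tutorial's sample addresses:

```apache
# Added example: the tutorial's allow list for both Apache 2.4 and 2.2.
# 216.127.72.7 and 127.216.7.72 are the tutorial's sample addresses;
# replace them with your own.

<IfModule mod_rewrite.c>
RewriteEngine off
</IfModule>

# Apache 2.4 and later: mod_authz_core is loaded, so use Require.
# Any client not matched by "Require ip" is refused with 403 Forbidden.
<IfModule mod_authz_core.c>
<Files *>
Require ip 216.127.72.7 127.216.7.72
</Files>
</IfModule>

# Apache 2.2: mod_authz_core does not exist, so keep the original directives.
<IfModule !mod_authz_core.c>
<Files *>
order deny,allow
deny from all
allow from 216.127.72.7
allow from 127.216.7.72
</Files>
</IfModule>
```

In an .htaccess file, Require needs AllowOverride AuthConfig and the older directives need AllowOverride Limit; if your host has not enabled the relevant override, Apache answers with a 500 error instead of applying the rule.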

 
Written By
Tutorial by: Jeremy LeSarge (AKA Ray)

I am the owner and administrator of DialMe.com. I write Tutorials for Boonex Dolphin as well as tips and resources surrounding website programming and development. I enjoy working with WordPress, SEO, and Web Hosting / Servers. I also maintain a WordPress Blog here on this site where you will find a variety of technology and webmaster resources.
