te3:allowed_ips

Differences

This shows you the differences between two versions of the page.

te3:allowed_ips [2014/11/20 13:01]
moderator
te3:allowed_ips [2015/07/13 18:13] (current)
moderator
Line 1: Line 1:
 ====== IP protect your admin interface ====== ====== IP protect your admin interface ======
 ~~NOTOC~~ ~~NOTOC~~
 +
 +Menu: {{:​te3:​user_logo.png?​nolink|}} User / Allowed IPs
  
   * [[te3:​allowed_ips#​allowed ips|Allowed IPs]]   * [[te3:​allowed_ips#​allowed ips|Allowed IPs]]
Line 11: Line 13:
 You should use all of the available security measures to make that task as hard as possible for them. We will describe two measures how you can and should protect yourself. TE3's "​Allowed IPs" module & ''​.htaccess''​ file protection. It is strongly recommended that you use at least one method. Of course ''​.htaccess''​ method might be better, it is bullet proof (IPs / IP blocks are blocked on the server level) and it is also more flexible (you can specify exactly which files you want to block), but for a novice user it might be a bit trickier to configure. For additional protection, you can use both methods simultaneously. You should use all of the available security measures to make that task as hard as possible for them. We will describe two measures how you can and should protect yourself. TE3's "​Allowed IPs" module & ''​.htaccess''​ file protection. It is strongly recommended that you use at least one method. Of course ''​.htaccess''​ method might be better, it is bullet proof (IPs / IP blocks are blocked on the server level) and it is also more flexible (you can specify exactly which files you want to block), but for a novice user it might be a bit trickier to configure. For additional protection, you can use both methods simultaneously.
  
-**If you have a static IP** (IP is never changing) on your home machine, it is very simple to configure "​Allowed IPs" module. Open {{:​te3:​user_logo.png?​nolink|}} ''​User''​ drop down menu in the [[te3:​admin_panel|Admin panel]] and click on ''​Allowed IPs''​ then simply add your IP ( 213.161.30.4 ) into the textarea and press ''​Update''​ button. 
  
-**If your IP is changing** all the time, you can still configure it, but it might be a bit tricker. Usually internet service providers will only change last one or last two numbers of your IP. If that is the case, simply add your whole block. Even if you will add a whole IP block, you will reduce the number of potential hackers to nearly zero. Users that are not listed in the "​Allowed IPs" module and/or htaccess, will get: ''​Your IP is not on the access list / Forbidden''​ message. 
  
 ---- ----
Line 19: Line 19:
 ===== Allowed IPs: ===== ===== Allowed IPs: =====
  
-It only protects TE3 files that should never be opened to the public (no function or meaning to open them to the public). It doesn'​t protect files such as ''​signup.php'',​ because these files are usually opened to public. We understand there are many webmasters that would like to make their own list of protected files. If that is the case, you should use more flexible htaccess method instead (read the next chapter).+It only protects TE3 files that should never be opened to the public (no function or meaning to open them to the public). It doesn'​t protect files such as ''​signup.php'',​ because these files are usually opened to public. We understand there are many webmasters that would like to make their own list of protected files. If that is the case, you should use more flexible ​[[te3:​allowed_ips#​.htaccess:​|.htaccess]] ​method instead (read the next chapter).
  
   Protected PHP files: index.php, rlogin.php   Protected PHP files: index.php, rlogin.php
   Unprotected PHP files: in.php, out.php, signup.php, webmaster_stats.php,​ securityimage.php   Unprotected PHP files: in.php, out.php, signup.php, webmaster_stats.php,​ securityimage.php
 +    ​
 +**If you have a static IP** (IP is never changing) on your home machine, it is very simple to configure "​Allowed IPs" module: ​
 +
 +<fs 112%>​**Step by step**</​fs>​
 +
 +{{:​te3:​allowed_ips_allowed.png?​nolink |}} \\ 
 +{{:​te3:​tut_step_1.png?​nolink|}} Open {{:​te3:​user_logo.png?​nolink|}} ''​User''​ drop down menu in the [[te3:​admin_panel|Admin panel]] and click on ''​Allowed IPs'', ​ \\ \\  \\ \\ \\ 
 +
 +{{:​te3:​tut_step_2.png?​nolink|}} Select ''​allowed module'',​
 +
 +{{:​te3:​tut_step_3.png?​nolink|}} Check box ''​Add my current IP to the list in case it is not already there'',​ \\ \\   
 +
 +{{:​te3:​tut_step_4.png?​nolink|}} Optionally add additional allowed IPs,  \\ \\  \\  \\  ​
 +
 +{{:​te3:​tut_step_5.png?​nolink|}} Press ''​Update''​ button. \\ \\  \\ 
 +
 +**If your IP is changing** all the time, you can still configure it, but it might be a bit tricker. Usually internet service providers will only change last one or last two numbers of your IP. If that is the case, simply add your whole block. Even if you will add a whole IP block, you will reduce the number of potential hackers to nearly zero. Users that are not listed in the "​Allowed IPs" module and/or htaccess, will get: ''​Your IP is not on the access list / Forbidden''​ message.
 +
  
 You can add one or multiple IPs at the same time. To enter multiple IPs, add one IP per line. You can add a whole IP block to the list as well (x. - A block, x.x. - B block, x.x.x. - C block). If the last character in the string is ''​.''​ (dot), a whole block will be blocked. Single IPs must be added in the x.x.x.x scheme. TE3 will prevent adding duplicated IPs / IP blocks and IPs or IP blocks that are out powered by a lower IP block. This way your list will always remain clean and fast. You can add one or multiple IPs at the same time. To enter multiple IPs, add one IP per line. You can add a whole IP block to the list as well (x. - A block, x.x. - B block, x.x.x. - C block). If the last character in the string is ''​.''​ (dot), a whole block will be blocked. Single IPs must be added in the x.x.x.x scheme. TE3 will prevent adding duplicated IPs / IP blocks and IPs or IP blocks that are out powered by a lower IP block. This way your list will always remain clean and fast.
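Review bot: The relocated "If your IP is changing" paragraph tells the reader to "simply add your whole block" before the block syntax (x., x.x., x.x.x. with a trailing dot) has been introduced, and the unchanged paragraph after it says such an entry means "a whole block will be blocked", which contradicts an allow list. Suggest moving the paragraph below the syntax description, changing "blocked" to "allowed", and recommending the narrowest block that covers the ISP's range, since an x.x. entry admits 65,536 addresses and "nearly zero" overstates that case. The new steps also drop the sample address the removed paragraph showed ("213.161.30.4"), so step 4 no longer shows what an entry looks like, and the moved text still carries the typo "tricker".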
Line 30: Line 48:
 ===== .htaccess: ===== ===== .htaccess: =====
    
-IP protection with htaccess is more flexible than "​Allowed IPs" module as it allows you to specify files you want to protect. It is supposed to be bulletproof as it is based on the server level. Different webmasters have different demands. Check the list of all the TE3's PHP files with descriptions. Based on that you should be able to decide which files you need IP protected and which ones will have to remain opened to the public.+IP protection with htaccess is more flexible than "​Allowed IPs" module as it allows you to specify files you want to protect. It is supposed to be bulletproof as it is based on the server level. Different webmasters have different demands. Check the list of all the [[te3:​allowed_ips#​PHP files inside /te3/ directory|TE3's PHP files]] with descriptions. Based on that you should be able to decide which files you need IP protected and which ones will have to remain opened to the public. 
 + 
 + 
 +<fs 112%>​**Step by step**</​fs>​ 
 + 
 +{{:​te3:​allowed_ips_htaccess.png?​nolink |}} \\  
 +{{:​te3:​tut_step_1.png?​nolink|}} Open {{:​te3:​user_logo.png?​nolink|}} ''​User''​ drop down menu in the [[te3:​admin_panel|Admin panel]] and click on ''​Allowed IPs'', ​ \\ \\  \\ \\ \\  
 + 
 +{{:​te3:​tut_step_2.png?​nolink|}} Select ''​htaccess''​ file protection, \\ \\ \\ \\  \\ \\   
 + 
 +{{:​te3:​tut_step_3.png?​nolink|}} Insert .htaccess code into text area (see example below for additional explanation), ​ \\ \\  \\    
 + 
 +{{:​te3:​tut_step_4.png?​nolink|}} Press ''​Update''​ button. \\ \\  \\  
  
-++++ Example of htaccess protection | +++++ Example of .htaccess protection | 
-Here is an example of how htaccess protection should look like. You can use (copy paste) ​an example ​below and feel free to modify it. Add additional files if you don't need them opened to the public and want to protect them. As you can see, in this example protected files are: ''​index.php''​ and ''​rlogin.php''​. And let's imagine your server'​s IP is ''​210.10.15.20''​ and your home IP is always changing the last two numbers (first two numbers are ''​90.60.''​ ). You can add it like this:+Here is an example of how .htaccess protection should look like. You can use (copy paste) ​the example and feel free to modify it. Add additional files if you don't need them opened to the public and want to protect them. As you can see, in this example protected files are: ''​index.php''​ and ''​rlogin.php''​. And let's imagine your server'​s IP is ''​210.10.15.20''​ and your home IP is always changing the last two numbers (first two numbers are ''​90.60.''​ ). You can add it like this:
  
 <​code><​files ~ "​(index\.php|rlogin\.php)">​ <​code><​files ~ "​(index\.php|rlogin\.php)">​
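Review bot: The copy-paste example opens with ''<files ~ "(index\.php|rlogin\.php)">'', and that pattern is unanchored, so it matches any file name that contains index.php or rlogin.php rather than only those two files. Suggest anchoring it as ''^(index|rlogin)\.php$'' so the rule covers exactly the files the text names. In the changed intro sentence, "how .htaccess protection should look like" should read "what .htaccess protection should look like", and new step 3 could say that the server IP has to be listed next to the home IP, which the example text implies by naming 210.10.15.20.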
Line 46: Line 77:
 ===== PHP files inside /te3/ directory ===== ===== PHP files inside /te3/ directory =====
  
-Here is a brief description of the PHP files inside /te3/ directory, so you can better understand what is their task and which of them should be <color blue>IP protected</​color>​.+Here is a brief description of the PHP files inside /te3/ directory, so you can better understand what is their task and which of them should be IP protected.
  
   - **cron.php**:​ TE3 uses a [[te3:​pseudo_cron|pseudo-cron]] method to execute tasks such as stats recalculation,​ toplist creation, mailing and so on. ''​cron.php''​ module is triggered by ''​in.php''​. It has to be opened to the public. \\ \\    - **cron.php**:​ TE3 uses a [[te3:​pseudo_cron|pseudo-cron]] method to execute tasks such as stats recalculation,​ toplist creation, mailing and so on. ''​cron.php''​ module is triggered by ''​in.php''​. It has to be opened to the public. \\ \\ 
-  - **in.php**: Module for tracking incoming traffic. It has to be opened to the public. \\ \\ +  - **in.php**: Module for tracking ​[[te3:​incoming:​standard|incoming traffic]]. It has to be opened to the public. \\ \\ 
   - **index.php**:​ TE3's admin interface. <color red>​Protect it!</​color>​ \\ \\    - **index.php**:​ TE3's admin interface. <color red>​Protect it!</​color>​ \\ \\ 
   - **out.php**:​ Module for tracking [[te3:​outgoing|outgoing traffic]]. It has to be opened to the public. \\ \\    - **out.php**:​ Module for tracking [[te3:​outgoing|outgoing traffic]]. It has to be opened to the public. \\ \\ 
   - **rlogin.php**:​ If you have multiple TE3 sites linked together into a [[te3:​network|network]],​ remote login (''​rlogin.php''​) serves as an inter-communication module for network tasks such as: Switching between sites, exporting trades, syncing blacklist, syncing search engine list and so on. If you only have one TE3, you won't need ''​rlogin.php''​ module at all and therefore you can IP protect it. In case you have two or more TE3s linked together into a network, you can still IP protect '''​rlogin.php'',​ but you will have to add both, your personal and your server IP to the "​allowed IPs" and/or "​.htaccess"​. <color red>​Protect it!</​color>​ \\ \\    - **rlogin.php**:​ If you have multiple TE3 sites linked together into a [[te3:​network|network]],​ remote login (''​rlogin.php''​) serves as an inter-communication module for network tasks such as: Switching between sites, exporting trades, syncing blacklist, syncing search engine list and so on. If you only have one TE3, you won't need ''​rlogin.php''​ module at all and therefore you can IP protect it. In case you have two or more TE3s linked together into a network, you can still IP protect '''​rlogin.php'',​ but you will have to add both, your personal and your server IP to the "​allowed IPs" and/or "​.htaccess"​. <color red>​Protect it!</​color>​ \\ \\ 
-  - **securityimage.php**:​ If you have the "​security image" feature enabled in the "option / webmaster" ​menu to prevent robot trade sign-ups, ''​securityimage.php''​ module displays security image on the ''​signup.php''​ page. If you have webmaster sign-up page opened and the "​security image check" feature enabled, then you have to keep ''​securityimage.php''​ opened to the public, otherwise you can IP protect it. \\ \\  +  - **securityimage.php**:​ If you have the "​security image" feature enabled in the [[te3:​signup_settings|option / webmaster]] menu to prevent robot trade sign-ups, ''​securityimage.php''​ module displays security image on the ''​signup.php''​ page. If you have webmaster sign-up page opened and the "​security image check" feature enabled, then you have to keep ''​securityimage.php''​ opened to the public, otherwise you can IP protect it. \\ \\  
-  - **signup.php**:​ Webmaster sign-up page. Your trade partners can sign-up new trades on this page. If you have your webmaster page closed anyway, you can IP protect it. \\ \\  +  - **signup.php**:​ Webmaster ​[[te3:​signup_settings|sign-up page]]. Your trade partners can sign-up new trades on this page. If you have your webmaster page closed anyway, you can IP protect it. \\ \\  
-  - **te_redirect.php**:​ Incoming tracking method that also allows ​[[te3:​incoming#​Enable ​redirections|redirections]]. If you don't use ''​te_redirect.php'',​ you can IP protect it. \\ \\ +  - **te_redirect.php**:​ Incoming tracking method that also allows redirections. If you don't use ''​te_redirect.php'',​ you can IP protect it. \\ \\ 
   - **webmaster_stats.php**:​ [[te3:​signup#​webmaster_statistics|Webmaster statistics page]]. Your trade partners can login and view trade stats from this page. If you have your webmaster stats page closed anyway, you can IP protect it.    - **webmaster_stats.php**:​ [[te3:​signup#​webmaster_statistics|Webmaster statistics page]]. Your trade partners can login and view trade stats from this page. If you have your webmaster stats page closed anyway, you can IP protect it. 
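Review bot: The te_redirect.php entry loses its link to the redirections documentation with nothing in its place, while the in.php entry gains a link to te3:incoming:standard; if the old anchor moved, point te_redirect.php at the new page instead of dropping the reference. The webmaster_stats.php entry still links to te3:signup#webmaster_statistics although the signup.php and securityimage.php links now target te3:signup_settings, so check that the old target still resolves. The rlogin.php entry has a stray third apostrophe in '''rlogin.php'', which breaks the monospace markup.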
  
te3/allowed_ips.txt · Last modified: 2015/07/13 18:13 by moderator