Trade Expert Logo #1 traffic trade script on the globe
Home Features Changelog FAQ Prices Download Manual Forum
E-mail / User:Pass:
Don't have an account yet?|Forgot password?
Key
Manual index

TE3 - User manual

Last updated: 2. April, 2012. Display manual on a single page.

IP protect your admin interface

Like it or not, hackers will try break into any script installed on your server and TE is no exception. After they gain access to the admin interface of the script, it is much easier to gain access to the server as well. Same goes for the opposite. If they gain access to your server they can change files owned by your user, meaning they can also overwritte legit TE files with harmful ones and often that can be tricky for you to notice.

You should use all of the available security measures to make that task as hard as possible for them. We will describe two measures how you can and should protect yourself. TE's allowed IPs module & .htaccess file protection. It is strongly recommended that you use at least one method. Of course .htaccess method might be better, it is bullet proof (IPs / IP blocks are blocked on the server level) and it is also more flexible (you can specify exactly which files you want to block), but for a novice user it might be a bit trickier to configure. For additional protection, you can use both methods simultaneously.

If you have a static IP (IP is never changing) on your home machine, it is very simple to configure "allowed IPs" module. Simply add your IP ( 18.222.116.146 ) into the textarea and press update button.

If your IP is changing all the time, you can still configure it, but it might be a bit tricker. Usually internet service providers will only change last or last two numbers of your IP. If that is the case, simply add your whole block. Even if you will add a whole IP block, you will reduce number of potential hackers to nearly zero. Users that are not listed in the "allowed IPs" module and/or htaccess, will get: "Your IP is not on the access list / Forbidden " message.

  • Allowed IPs:

    It only protects TE files that should never be opened to the public (no function or meaning to open them to the public). It doesn't protect files such as signup.php, because these files are usually opened to public. We understand there are many webmasters that would like to make their own list of protected files. If that is the case, you should use more flexible htaccess method instead (read the next chapter).

    Protected PHP files: index.php, rlogin.php
    Unprotected PHP files: in.php, out.php, signup.php, webmaster_stats.php, securityimage.php

    You can add one or multiple IPs at the same time. To enter multiple IPs, add one IP per line. You can add a whole IP block to the list as well (x. - A block, x.x. - B block, x.x.x. - C block). If the last character in the string is "." (dot), a whole block will be blocked. Single IPs must be added in the x.x.x.x scheme. TE will prevent adding duplicated IPs / IP blocks and IPs or IP blocks that are out powered by a lower IP block. This way your list will always remain clean and fast.

  • .htaccess:

    IP protection with htaccess is more flexible than "allowed IPs" module as it allows you to specify files you want to protect. It supposed to be bullet proof as it is based on the server level. Different webmasters have different demands. Check the list of all the TE's PHP files with descriptions. Based on that you should be able to decide which files you need IP protected and which ones will have to remain opened to the public.

    Here is an example of how htaccess protection should look like. You can use (copy paste) an example below and feel free to modify it. Add additional files if you don't need them opened to the public and want to protect them. As you can see, in this example protected files are: index.php and rlogin.php. And let's imagine your server's IP is 210.10.15.20 and your home IP is always changing the last two numbers ( first two numbers are 90.60. ). You can add it like this:

Copyright © 2012 Trade Expert. All rights reserved.
This site is hosted by Reflected.net