MakeWebGames

Admin Page Security


Dayo


I have started work on the admin page of GL V2. I have implemented a password verification every time you visit the admin panel from the game. Are there any other security features you think would be a good idea to add?


  • Data input is validated and sanitised
  • CSRF protection w/ tokens
  • Proper error handling (not really security based)
    • Could not write to database, tell user and e-mail developer(s)
  • Auditing writes (not really security based, or is it?)
  • Ability to backup databases (Again, not directly security related)
    • With the ability to e-mail developers/game owners the database dump
  • Disallow root access to databases (Again, not directly security related as such)

Edited by sniko
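The first items on that list (re-verifying the admin password, CSRF tokens, auditing writes) fit in one include that every admin page loads. The code below is an added example, not sniko's or GL V2's code; the re-auth window, the audit log path, the `users.rank` column and the `$db`/`$hash` variables in the usage comment are assumptions.

```php
<?php
// Added example (not GL V2 code): bootstrap for admin pages. Re-verifies the
// admin password on a timer, issues and checks a per-session CSRF token with a
// constant-time compare, and appends an audit line for every write.
declare(strict_types=1);

const ADMIN_REAUTH_SECONDS = 900;                              // assumed: re-enter password every 15 min
const ADMIN_AUDIT_LOG = __DIR__ . '/../logs/admin_audit.log';  // assumed path, outside the doc root

session_start();

// $storedHash is the password_hash() value loaded by the caller from the
// (separate) admin users table; the plain password is never stored anywhere.
function admin_require_reauth(string $storedHash): void
{
    $last = $_SESSION['admin_verified_at'] ?? 0;
    if (time() - $last < ADMIN_REAUTH_SECONDS) {
        return; // verified recently enough
    }
    if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['admin_password'])) {
        if (password_verify((string) $_POST['admin_password'], $storedHash)) {
            session_regenerate_id(true);           // fresh session id after a successful auth
            $_SESSION['admin_verified_at'] = time();
            return;
        }
        admin_audit('reauth_failed', []);          // log the failure, not the password
    }
    http_response_code(403);
    echo '<form method="post"><input type="password" name="admin_password">'
       . '<button>Verify</button></form>';
    exit;
}

// One random token per session; the browser sends it back in every admin form.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

function csrf_field(): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

// Call before processing any POST. hash_equals() avoids a timing side channel.
function csrf_check(): void
{
    $sent = $_POST['csrf_token'] ?? '';
    if (!is_string($sent) || !hash_equals(csrf_token(), $sent)) {
        admin_audit('csrf_rejected', ['uri' => $_SERVER['REQUEST_URI'] ?? '']);
        http_response_code(403);
        exit('Bad CSRF token');
    }
}

// Append-only JSON line per admin action; who, from where, what, when.
function admin_audit(string $action, array $details): void
{
    $line = json_encode([
        'ts'      => date('c'),
        'admin'   => $_SESSION['admin_id'] ?? null,
        'ip'      => $_SERVER['REMOTE_ADDR'] ?? null,
        'action'  => $action,
        'details' => $details,
    ]) . "\n";
    file_put_contents(ADMIN_AUDIT_LOG, $line, FILE_APPEND | LOCK_EX);
}

// Usage in an admin page (assumed: PDO handle $db, admin hash $hash):
// admin_require_reauth($hash);
// if ($_SERVER['REQUEST_METHOD'] === 'POST') {
//     csrf_check();
//     $stmt = $db->prepare('UPDATE users SET rank = :r WHERE id = :id');
//     $stmt->execute([':r' => (int) $_POST['rank'], ':id' => (int) $_POST['id']]);
//     admin_audit('user_rank_changed', ['id' => (int) $_POST['id'], 'rank' => (int) $_POST['rank']]);
// }
```

Every form on the admin side echoes `csrf_field()` inside the `<form>`; the token lives only in the server-side session, so a page on another origin cannot read it to forge the POST. The audit log sits outside the doc root so it cannot be fetched (or overwritten) through the web server.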

  • 1 month later...
Simple, yet effective method: the users have no admin access; there is no "in-game" built-in admin panel. You build it outside of the game, such as http://admin.gamename.com or http://gamename.com/admin/.

Lock it down with htpasswd

Separate users from the actual game. The table and/or database should be separate from the game's users table.

We do something like this for work, but rather than on a different sub domain we host the admin panel on our local machines, and to log on we have to SSH into the server and forward the database port to our local machine. This way we can manage multiple "dashboards" from one location.


  • 4 months later...

What difference does making a sub domain for admin stuff make?

If someone wanted to hack your game they would take the time to find out if and where the admin functions are, right?

A simple pentest should find subdomains.

Seriously, I can't find any benefit to making a subdomain as opposed to changing admin.php to asdfsdagfqettgqwragq43a5.php.

The same thing applies. You change the "default" so it's harder for the hacker to find.

But with a simple pentest you find this.

In other words, making a sub domain is a waste of time.

If it's just backing up databases then just put the backups OUTSIDE the doc root. Automate it to run a couple of times a day and forget it. SO EASY IT'S NOT FUNNY!

That's my 2 cents worth anyway.



How many people would think that the admin panel is on a sub domain? I don't think it is a waste of time.



I think you're missing the point.

If someone wants to take down/compromise a site, one of the FIRST things I would imagine they do is a pentest.

Get an idea of the structure of the site, right?

Get an idea of the server also.

Once you get your info you begin your attack.

If you really think hiding behind a subdomain will help you then sorry man, I think you're MAD!!!!!!!



Not if you run a multi-server setup.

One server dedicated to the game files, the other to the admin files, and then host the database on the third.

This way you can have different levels of security for each server.

Game Server needs to be accessed by users.

Admin Server can be protected with htpasswd and htaccess, not to mention having a login etc. You can have your admin panel accessible by the subdomain.

If you really want, you can create a file containing a list of IPs, then compare it to the IP that's trying to access the admin server.

Database Server follows the same setup as the Admin Server; then you can create multiple users for the database, read-only and write-only.

It's a lot more expensive to implement, which is a downside.


That is a seriously long way around what is ultimately the same thing, right [MENTION=65530]Coly010[/MENTION]?

admin.php, blah-blah.php, blah.domain.com, domain.com/blah are ALL going to do the same thing.

They are all accessible to anyone should they be able to get the password and URL.

Actually, bots would scrape those places whether you like it or not. Sure, you could try to deny via robots.txt, but we know many scrapers won't listen to that anyway, and robots.txt can often be a source of knowledge for said hackers.

To move your admin functions to another domain is in my opinion dangerous and possibly creates more security issues.

For the average site I would think just blocking access via .htaccess will suffice.

Both with password and also with IP address. Even that becomes problematic given IP addresses are often dynamic and IP addresses can be spoofed.

Keep in mind that phpmyadmin by default is a symlink, but accessible to anyone that tries to access it via /phpmyadmin, and the same goes for /cpanel etc.

Even big software makers like the above don't try to hide their scripts. I assume because it's pointless.

If you can access it via a browser then others can also.

 

The nuts and guts of what I think.

Move your admin control to somewhere else. Even if it's domain.com/admin1.php instead of just domain.com/admin.php.

Set up a simple trap on a fake admin.php to catch anyone that tries to go there, given no one should ever try.

Automate an IP address ban for anyone that goes there. (Very easy to do.)

My logic is this: script kiddies who get told of weaknesses then use Google to find sites with this vulnerability. If your site does not have the "default" admin page then that's enough to prevent the average script kiddy.

Beyond that you need to protect properly with .htaccess, period. If someone wants to target your domain they're going to find your admin area. It does not matter how hard you try to hide it.

WOW, long post for me!
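The fake admin.php trap with an automatic IP ban described in the post above, together with the IP allow-list file Coly010 suggests a few posts earlier, as an added example that is not part of either post. The file locations are assumptions, and so is the decision to answer the decoy with a 404; the one thing to check before deploying it is that `$_SERVER['REMOTE_ADDR']` is really the client and not a reverse proxy or CDN in front of the game, or the trap will ban the proxy for everyone.

```php
<?php
// Added example (not DAMINK's or Coly010's code): honeypot admin.php that bans
// whoever requests it, plus the gate the real admin pages use to enforce the
// ban list and an optional allow list. Paths are assumptions.
declare(strict_types=1);

const BAN_FILE   = __DIR__ . '/../private/banned_ips.txt';  // assumed, outside the doc root
const ALLOW_FILE = __DIR__ . '/../private/admin_allow.txt'; // assumed, one IP per line

// Normalises an IPv4/IPv6 string; returns null for anything that is not an IP,
// so garbage (or header-injected junk) never ends up in the list files.
function canonical_ip(string $ip): ?string
{
    $packed = @inet_pton(trim($ip));
    return $packed === false ? null : inet_ntop($packed);
}

// Reads a list file into a set keyed by canonical IP; missing file = empty set.
function load_ip_list(string $file): array
{
    if (!is_readable($file)) {
        return [];
    }
    $set = [];
    foreach (file($file, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) as $line) {
        $ip = canonical_ip($line);
        if ($ip !== null) {
            $set[$ip] = true;
        }
    }
    return $set;
}

// Honeypot: the decoy /admin.php calls this and nothing else. Nobody legitimate
// ever visits it, so any hit is recorded and the address goes on the ban list.
function trap_and_ban(string $remoteIp, string $uri): void
{
    $ip = canonical_ip($remoteIp);
    if ($ip !== null) {
        file_put_contents(BAN_FILE, $ip . "\n", FILE_APPEND | LOCK_EX);
    }
    error_log(sprintf('admin honeypot hit from %s on %s', $remoteIp, $uri));
    http_response_code(404); // assumed choice: look like the page does not exist
    exit;
}

// Gate for the real admin pages: banned IPs are refused; if an allow list
// exists and is non-empty, only listed IPs get through.
function admin_ip_allowed(string $remoteIp): bool
{
    $ip = canonical_ip($remoteIp);
    if ($ip === null) {
        return false;
    }
    $banned = load_ip_list(BAN_FILE);
    if (isset($banned[$ip])) {
        return false;
    }
    $allow = load_ip_list(ALLOW_FILE);
    return $allow === [] || isset($allow[$ip]);
}

// In the decoy /admin.php:
//   trap_and_ban($_SERVER['REMOTE_ADDR'], $_SERVER['REQUEST_URI']);
// At the top of every real admin page:
//   if (!admin_ip_allowed($_SERVER['REMOTE_ADDR'])) { http_response_code(403); exit; }
```

Two caveats that the thread itself raises apply here: the ban list is a list of addresses, not people, so a dynamic-IP user who trips the trap needs a way to be unbanned, and neither list replaces the password check; they only reduce who gets to see the login form.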


If a knowledgeable attacker would want to gain administrative access to your site, they will find a way. As with what [MENTION=65530]Coly010[/MENTION] said, there is no way to make a game 100% secured.

On a personal standpoint, when it comes to securing a site, yes, locking down access is of course very important, but also making it difficult for the attacker to find your administrative access is also very effective.

Back in August, I didn't really take note of [MENTION=64684]Dayo[/MENTION]'s comment about using SSH access, which by the way is rather a secure method to administer the site. Is it fool-proof? No, but an attacker would really have to work at it in order to gain this access.

In terms of security, one of the easiest methods to gain administrative access to the site is really by a social engineering attack (i.e. getting the access credentials by a threat, doing the administrator a "favor" by doing whatever, etc). By not giving out your credentials to untrustworthy people and your credentials passing over a secure channel, I think that in of itself is pretty effective.

~G7470


[quote]On a personal standpoint, when it comes to securing a site, yes, locking down access is of course very important, but also making it difficult for the attacker to find your administrative access is also very effective.[/quote]

 

This is what I was trying to get at earlier. Renaming your admin panel to ANYTHING won't make it harder to find.

A sub domain may make it a little harder, but ultimately if you do a basic test on the domain you find this info regardless.

You could remove the admin controls completely and when you need them manually upload the file, use it, then delete the file again. I guess that could work.

However, I do agree with [MENTION=64684]Dayo[/MENTION].

Every control you want for your game is generally done from the database, so there is no reason why you shouldn't just shell in...........

Oh wait, not everyone has a VPS or dedi to have that level of control, do they?

And not to mention it's VERY easy to make a mistake while using the shell. Especially with database manipulation.

phpmyadmin is a great tool for people that are not confident in having such a level of control.



My reasoning for a sub domain is one prime reason: sessions.

Now, admin.php renamed to asdfaasdasdasda14.php will still be able to read that domain's sessions, thus being able to hijack your sessions.

How many times have we seen the ol' trick of changing your user profile image to either logout.php or the admin panel submitting a change of user permissions?

You seem rather narrow-minded to one word you've been mentioning in all your posts from this one.

"Pentest". Did you only recently figure out how to do that? Oh wait, let's not forget we can actually block access to the sub domain completely by user and password using htaccess, and then actually require another user and password to log in to the system. So, how far does your pentest go? As far as seeing a permission denied page.

If someone really wanted to damage your site, and had the know-how, they would not even bother with an admin section in the first place, and would actually look for any open vulnerable ports to get access to the DB/mail/SSH/FTP/SFTP... you name it.
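The session point above is the one argument in the thread that a separate host actually settles: a cookie scoped to gamename.com is sent to every script on that host, whatever it is called, so a game-side XSS or the profile-image trick can drive the admin pages with the victim's own session. The added example below (not HauntedDawg's code) gives the admin panel its own session cookie and refuses state-changing requests whose Origin is not the admin host; the host name and cookie name are assumptions, and it needs PHP 7.3 or later for the array form of session_set_cookie_params().

```php
<?php
// Added example (not HauntedDawg's code): the admin panel gets its own session
// cookie, host-only and SameSite=Strict, so the game's PHPSESSID is never valid
// here and this cookie is never sent from a page on another site.
declare(strict_types=1);

const ADMIN_HOST = 'admin.gamename.com'; // assumed; set to your admin vhost

function admin_session_start(): void
{
    session_name('ADMINSESSID');              // assumed name; different from the game's
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'domain'   => '',                     // host-only cookie: not shared with subdomains
        'secure'   => true,                   // HTTPS only
        'httponly' => true,                   // not readable from JavaScript
        'samesite' => 'Strict',               // not sent on navigations from other sites
    ]);
    ini_set('session.use_strict_mode', '1'); // reject session ids the server did not issue
    session_start();
}

// The profile-image trick is a GET from an <img> tag, and browsers attach no
// Origin to it. The defence is therefore two-part: every admin action that
// changes state is POST only, and POSTs must carry an Origin (or Referer)
// on the admin host. Returns true when the request may proceed.
function admin_request_allowed(array $server): bool
{
    $method = strtoupper($server['REQUEST_METHOD'] ?? 'GET');
    if ($method === 'GET' || $method === 'HEAD') {
        return true; // safe methods never change state in this panel
    }
    $source = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? '';
    $host = parse_url($source, PHP_URL_HOST);
    return is_string($host) && strcasecmp($host, ADMIN_HOST) === 0;
}

admin_session_start();
if (!admin_request_allowed($_SERVER)) {
    http_response_code(403);
    exit('Cross-site request refused');
}
// ... admin page continues; any handler that writes to the database only runs
// under $_SERVER['REQUEST_METHOD'] === 'POST'.
```

The Origin check is a second layer behind the CSRF token, not a replacement for it; the point of the separate cookie is that even a token-less GET to a renamed admin.php on the game host carries no admin session at all, which is exactly the case the post describes.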


Waste of time arguing. Yet, I am not arguing.

Deflects from the thread, no.. not really, as we are still on topic with regards to admin page security.

"For no real benefit.." Well, you don't seem to be putting many positive comments on this thread anyway, so you might as well f off.

Oh, and yeah, while it is relatively easier to manage your game via the database directly, it's a pain in the ass.

So, I'll sit here, with my sub domain, while you manage your game via the database and write scripts for all the times sql can't do what php can.


I say, what's the point in all this anyway? If your main site gets hacked then your admin script, wherever it is, will get hacked. I think you can go either way and use a sub, which can get sniffed out, or rename your admin file, which I think would be harder to find, and if I recall you can even use htaccess to restrict files or folders, so you may as well keep it in one area and hope that everything is fine alongside the rest of your site :p


I agree having a nice UI can help manage a game, but personally, for the project I am working on now, I see no advantage to making/maintaining/securing an admin panel when I can SSH into it, run a command to update a tank's battle stats, then exit. It's a 60 second job. And TBH, other than user administration, what else on a game are you going to be altering often?

There is not much/anything I can think of that you can't do with SSH that you can do in PHP.

Sample of using SSH

ssh [email protected]
*enter password*
mysql -uroot -p{password} database
select * from tanks;
update tanks set damage = 12 where tankID = 12;
Ctrl+C
exit

[quote]There is not much/or anything i can think of that you cant do with SSH that you can do in PHP[/quote]

Top of my head.

Newsletters: sending an email to your users using SMTP to check for a response back; if it doesn't, flag it in the database, thereafter check if they have a cellphone number to SMS. Check that the SMS has a response; if it doesn't, flag it in the database.

Sure, you can extract your data from SSH and plug it into a PHP script. Sure, I am deviating now from the topic, but it's an example. And there are many other examples. Who says it's to modify data anyway? In fact, my admin panel does not allow for any editing of the users, but is there only to answer support tickets, view transactions made, what products were bought, all with beautiful charts displayed on the front page. The same can be done with SSH, but you'll need to be exporting data and importing every time.


[quote]So, I'll sit here, with my sub domain, while you manage your game via the database and write scripts for all the times sql can't do what php can.[/quote]

My point exactly.

I never said I control my game from the database directly and write scripts.


[quote]I say what's the point in all this anyways? If your main site gets hacked then your admin script where ever it is will get hacked. I think you can go either way and use a sub which can get sniffed out or rename your admin file which I think would be harder to find and if I recall you can even use htaccess to restrict files or folders so may as well keep it in one area and hope that everything is fine along sight the rest of your site :p[/quote]

Pretty much the point I was trying to make, yet I notice one particular member did not go on the attack against you, Kyle.



[MENTION=69639]DAMINK[/MENTION] drop it already. It's like you are in a battle to dislike his posts no matter what he says. He gives a genuine example which doesn't merit a dislike, but you do it anyway? Security is a touchy subject. Both you and [MENTION=68774]HauntedDawg[/MENTION] have your own opinions over this. You don't need to be at each other's throats over it as long as you're content with what you do. Just leave it as is now.

Edited by Coly010
