Hacking, Software, Languages, Python

Hide admin & user urls in Ensim

A while ago we ordered a couple of servers from United Hosting.

These are great little server, they seem very secure.

Only problems with security we've ever had was because we used ftp to upload a couple of websites, and the login credentials were captured by some malware. We recommend you use sftp where ever possible over ftp.

The thing that really annoyed us were the control panel directories. Ensim forces you to have http://domain/admin and http://domain/user redirect to it's control panels.  This behaviour was unacceptable to us.

Luckily Ensim provides a method to override its automatically generated configure files. It did take us a while to figure this out, but you can benefit from our research.

The glue to this modification is this example file: /usr/share/doc/webppliance-apache-10.3.2/custom.py.

Now I can't guarantee this is the best way to remove /admin and /user, however we have been running it for a while, and we have not had any problems.

def vh_conf(site, newconf, oldconf, cust):

content = virthost.modules.apache.vh_conf(site, newconf, oldconf, cust, None, "HTTP")

p = re.compile( '[ t]+RedirectMatch ^/(.*)n' )
content = p.sub('', content)

return content


You can make these changes server wide, or on site specific.
If you do make it site specific, it will override the global file.

[server wide] /usr/lib/ensim-python/site-packages/vh3/custom/apache.py
[specific site] /home/virtual/site*/info/custom/apache.py

If you haven't already guessed, these files are written in python. The code is searching for lines that contain RedirectMatch, and deleting them.

Debugging Ensim is easy. Ensim will let you know there is a bug in the code when you save your site after editing it.

Hopefully this is of help and if needed I can post further information.

comments powered by Disqus