Notifications of Illegal Admin Access Attempts


WARNING! WARNING! WARNING!
Before you use this tutorial, download a copy of your “/application/configs/site.php” file and store it in a safe place and DO NOT TOUCH IT AGAIN!!! I’ll explain at the end of this tutorial.

If you’re anything like me, security is one of your top-most concerns when it comes to your websites and customer data, which is probably why you decided to start using aMember Pro in the first place. Well, after noticing hundreds of login access attempts to one of my more popular blog sites, it made me wonder “How can I tell if anyone’s trying to access my aMember admin area as well?” Thankfully, the answer was quite simple, if you know how to do it.

aMember Pro has the built-in ability to block others from trying to access your admin area, BUT, it wasn’t enough for me. I didn’t just want to block others, I wanted to know how often people were trying to access it and where those people were coming from, so, I altered some code and made it so that not only is the admin area locked down to just myself and a few key assistants, but I am also notified, via email, whenever anyone tries to access the admin area.

I’ve also set up a function which will log the details to the admin log file as well, but I will create a separate tutorial on that later as it’s a little more in-depth and requires a better understanding of PHP and MySQL.

For the record, if you’re more comfortable with that, you can see the instructions straight from aMember’s own website using the link below:

https://docs.amember.com/docs/HowTo/Restrict_access_to_admin_interface_by_certain_IP_address

To get started, as usual, you’ll be editing the “site.php” file so you’ll want to download a copy of it before editing it. Be sure to keep a separate copy in case you mess anything up.

1. Add the following to your “/application/configs/site.php” file:

class Am_Controller_CheckIp extends Zend_Controller_Plugin_Abstract {
    public function preDispatch(Zend_Controller_Request_Abstract $request) {
        if (stripos($this->getRequest()->getControllerName(), 'admin')===0) { // admin controllers only
            if ($_SERVER['REMOTE_ADDR']!='127.0.0.1') { // the one IP address allowed in
                $mymail = "your@email.you"; // where the notification is sent
                mail("$mymail","aMember Admin Access Attempt","CUSTOM MESSAGE HERE","FROM: $mymail");
                echo "ACCESS DENIED"; // shown to the blocked visitor
                exit; // stop before the admin controller runs
            }
        }
    }
}
Zend_Controller_Front::getInstance()->registerPlugin(new Am_Controller_CheckIp, 500);

2. On line 4 of the code above, change “127.0.0.1” to your actual IP address. If you need help finding your IP address, click here.

3. On line 5 of the code above, change “your@email.you” to your actual email address.

4. On line 6 of the code above, change “CUSTOM MESSAGE HERE” to whatever message you want to send to yourself.

5. On line 7 of the code above, change “ACCESS DENIED” to whatever message you want to display to the visitor.

6. Save the file and upload it overwriting the original site.php file.

7. Once saved, have a friend, or someone you trust, access the admin area and report back to you with what they see (which should be your “Access Denied” message).

8. Check your email account to make sure you received the email notification.

9. Log in to the admin area yourself and make sure you’re able to access everything as you normally would.

Now, provided everything worked correctly, go ahead and delete the site.php you downloaded when I warned you to do so at the start (top) of this tutorial. As long as you didn’t fudge anything up, you won’t need it. However, if you, or your friend, receive any other errors, upload the original site.php file and try it again.

CONGRATS!

That’s it. You’re done. You will now receive a notification when anyone else attempts to access the admin area. PLUS, if they’re able to hack their way in, you’ll receive an email every time they access any page within the admin area, so you’ll have some sort of idea of what was done, which will help in getting everything back to normal when restoring your original setup.
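The snippet in step 1 sends a fixed message, so the email does not say where the attempt came from. The following is an added example, not part of the original tutorial or of aMember: helper functions that allow several IP addresses, build a message body from the request details, and limit email to one per IP per 15 minutes. The function names, the marker-file location and the sample request are assumptions, and it assumes PHP 7 or later.

```php
<?php
// Added example: helper functions for the access check in step 1.
// Function names, marker-file path and throttle window are assumptions.

// Exact-match allow-list, e.g. yourself plus a few key assistants.
function admin_ip_allowed(string $ip, array $allowed): bool {
    return in_array($ip, $allowed, true);
}

// Strip control characters (CR/LF included) and cap the length: the URI
// and User-Agent are text chosen by the visitor and end up in the mail.
function clean_field($value, int $max = 200): string {
    $value = preg_replace('/[\x00-\x1F\x7F]+/', ' ', (string) $value);
    return substr($value, 0, $max);
}

// Build the body that takes the place of "CUSTOM MESSAGE HERE".
function build_alert_body(array $server): string {
    return implode("\n", [
        'Time (UTC): ' . gmdate('Y-m-d H:i:s'),
        'Remote IP:  ' . clean_field($server['REMOTE_ADDR'] ?? 'unknown'),
        'Request:    ' . clean_field($server['REQUEST_METHOD'] ?? '') . ' '
                       . clean_field($server['REQUEST_URI'] ?? ''),
        'User-Agent: ' . clean_field($server['HTTP_USER_AGENT'] ?? ''),
    ]);
}

// At most one mail per IP per window; a marker file in the temp
// directory records when the last notification went out.
function should_notify(string $ip, int $window = 900): bool {
    $marker = sys_get_temp_dir() . '/amember_admin_alert_' . hash('sha256', $ip);
    if (is_file($marker) && time() - filemtime($marker) < $window) {
        return false;
    }
    @touch($marker); // if this fails, every request notifies, as in step 1
    return true;
}

// Constructed sample request (203.0.113.7 is a documentation address).
$sample = [
    'REMOTE_ADDR'     => '203.0.113.7',
    'REQUEST_METHOD'  => 'GET',
    'REQUEST_URI'     => "/amember/admin\r\nforged second line",
    'HTTP_USER_AGENT' => 'ExampleScanner/1.0',
];
if (!admin_ip_allowed($sample['REMOTE_ADDR'], ['127.0.0.1'])
    && should_notify($sample['REMOTE_ADDR'])) {
    echo build_alert_body($sample), "\n";
}
```

To use it in site.php, leave out the sample block at the bottom and call these functions from preDispatch() in step 1, passing $_SERVER. If the site sits behind a reverse proxy or CDN, REMOTE_ADDR holds the proxy's address, so the comparison has to be made against the client address that proxy forwards.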

If you find any of my aMember Pro tutorials or articles useful, or have any questions related to the aMember Pro system, please feel free to post a comment (below) or contact me anytime using my online help desk. I check these pages frequently and will reply as soon as I can.
