To log in as the site administrator, a hacker first needs to find the corresponding login form. Having found it, he can try to guess the password with a brute-forcer, a program that iterates over a password dictionary. The hacker may also have already extracted the relevant data (username and password) from the database through a detected SQL vulnerability. To take over the site, it is then enough to enter the stolen data into the login form. Accordingly, the harder the admin panel is to find, the higher the security of the site.
You can test the security of your website with a special utility. For example, use Admin Finder, which is easy to find online. It is enough to enter the address of the website, and you will get the paths of all pages associated with administration. Note that some antivirus programs may identify the program as unwanted software and block it. To avoid getting a copy of the utility that contains Trojans, search for Admin Finder on hacker sites. On their own sites and forums, hackers will not distribute an infected utility.
Quite often hackers check the robots.txt file, where administrators list the files that search robots are forbidden to index. This file may contain the data the attacker needs.
To view the structure of the website, you can use special scanners. For example, the small console utility SiteScaner gives good results. Run it and enter the address of your site. Look in the window to see whether the pages you wanted to hide are listed.
There are also online services that show the structure of a site in sufficient detail. For example, this: Enter the address of your site in the search field, type in the security code and press the SCAN button. The resulting list shows the structure of your Internet resource.
When searching for the admin panel, a hacker can simply try the most common options. For example: /admin, /login, index/admin.php, admin.php, login.php, admin/index.php, admincp/index.php. When setting up the website, try to avoid well-known names for directories and files. This also applies to databases: hacking utilities know more than five hundred of their common names.
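An added example, not part of the original article: a short Python check that reads your own robots.txt and reports Disallow entries containing one of the common admin names listed above, since such lines tell any visitor where the panel is. The sample file contents and the function names are constructed for illustration.

```python
# Added example: audit a robots.txt for entries that disclose admin paths.
# The sample file and all function names are constructed for illustration.

# Path segments taken from the list of common options in the text above.
COMMON_ADMIN_NAMES = ("admin", "login", "admincp", "admin.php", "login.php")

SAMPLE_ROBOTS = """\
User-agent: *
Disallow: /images/tmp/
Disallow: /admincp/      # control panel
Disallow: /site/Admin.php
Allow: /public/

User-agent: Googlebot
Disallow: /backup/login/
Disallow:
"""


def disallowed_paths(robots_text):
    """Return every non-empty Disallow path, with comments stripped."""
    paths = []
    for line in robots_text.splitlines():
        line = line.split("#", 1)[0].strip()
        field, sep, value = line.partition(":")
        if sep and field.strip().lower() == "disallow" and value.strip():
            paths.append(value.strip())
    return paths


def revealing_entries(robots_text, names=COMMON_ADMIN_NAMES):
    """Return Disallow paths that have a segment equal to a common admin name."""
    wanted = {n.lower() for n in names}
    hits = []
    for path in disallowed_paths(robots_text):
        segments = [s.lower() for s in path.split("/") if s]
        if wanted.intersection(segments):
            hits.append(path)
    return hits


if __name__ == "__main__":
    for path in revealing_entries(SAMPLE_ROBOTS):
        print("robots.txt discloses an administration path:", path)
```

Run it against the text of your own robots.txt; every reported line is a path worth renaming or protecting by other means than hiding it from search robots.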
Check your resource's resistance to break-ins with the XSpider program. It is legal software, and its demo version can be downloaded from the manufacturer's website. The program is designed for system administrators and produces a report on possible ways of penetrating the Internet resource.
Quite often, administrators do not set the rights for viewing directories, which lets a hacker browse the site's directories almost freely. You can protect a folder from viewing in a very simple way: put into it an index.html page with text stating that the directory is current. When someone tries to look into the directory, this page will open automatically.