How to block an IP from accessing the admin folder?

Topics: ASP.NET 2.0
Aug 12, 2013 at 2:42 PM
Edited Aug 12, 2013 at 4:16 PM
Hi BE gurus!

My site had recently a huge and plolonged brute-force attack aimed on login.aspx page. Please could you advise on how to do these things:

= remove the login links from all the pages (I've tried this on the theme's site.master file but it caused an error due to the absence of aLogin element)
= rename the login directory (I've tried this but it caused an error. Will it be enough to define a new directory within the site.master.cs? But it has to be done together with the above.)
= restrict the access to the login directory for all IPs except mine ones. (I've tried this solution:
http://www.stokia.com/support/misc/web-config-ip-address-restriction.aspx
but it caused the 500 error.

Or to make this folder passwod protected (I can do it via control panel on the hosting)?
And which one of these loads the sever less (I'm on a shared hosting and BE 2.0)?

(I'd like to express my thanks to rtur who helped me in this issue
https://blogengine.codeplex.com/discussions/434555
it was resolved somehow by the hosting upon insistent emailing them)))


Regards,
Schaft
Coordinator
Aug 12, 2013 at 7:15 PM
You'll probably get more answers on generic asp.net question at sites like stack overflow, just because more people will see it. Here is one you can look at.