An alternative to creating a password level protection to the admin folder would be to block all access to the admin area to all except for a few ip address.
This would be in a file called ".htaccess" (or in the httpd.conf) in the www/admin folder
It would look something like this
<IfModule mod_rewrite.c>
RewriteEngine On
#####IP Lockdown to prevent Unauthorised access from unauthorised IP
RewriteCond %{REQUEST_URI} !/www/admin/unauthorised.html
RewriteCond %{REMOTE_HOST} !^your\.ip\.addr\.ess
RewriteCond %{REMOTE_HOST} !^your\.ip\.addr\.ess
RewriteCond %{REMOTE_HOST} !^your\.ip\.addr\.ess
RewriteCond %{REMOTE_HOST} !^your\.ip\.addr\.ess
RewriteCond %{REMOTE_HOST} !^your\.ip\.addr\.ess
RewriteRule $ /www/admin/unauthorised.html [R=404,L]
</IfModule>
Explaination
This requires the mod_rewrite to be enabled
RewriteCond is the condition in which you will be redirected to the rule
Remote host is the ip
! - signifiys not this ip address
and the rewriterule is to a page to display as a result.
The pros:
You are whitelisting ip addresses that can have access. This works well if you have a fixed ip in an office/home.
If you have a dynamic address though, then you would need to read documentation on the rewrite rule to see if you can include a dyndns in wome way. I have not found out how to do this successfully yet.
The cons:
You could inadvertently lock yourself/or other uses out. Probably not good for everybody using this.
Potential
I guess you could mask the fact that adserver is even installed if you did something with referers but if you have many there again, won't be feasible for everyone.
