Htaccess And The Admin Directory

I just thought everyone using this software should be aware of the following as it has made me crazy for some time and today after moving a sytist site to a new hosting server I found the culprit making me crazy...it's name was Sytist! LOL

For over a year now I have noticed that at seemingly random times the directory protection files I placed in the admin folder were missing.  This is the standard directory protection of restricting access by IP or by password within an htaccess file. I don't run any web site with an admin folder without this applied. I have been very, very concerned that somehow someone was getting in to the hosting acct and removing it, yet nothing else ever disturbed or changed. I only noticed this in the last year or so.

Imagine my surprise today while I examined the backup folder sytist makes when it updates and find the missing htaccess file in there, after discovering it was gone from the sy admin directory and yet just 30 mins before it was there when I logged in and updated to 4.6.1 after moving the site over!

The light bulb went off as to what was going on at that moment - no hacking on the old host acct, just sytist removing it and since I am just the webmaster and only login to check for updates or when the owner has issues it wasn't a constant thing - it only happened after updates I see now when I review my notes.

There must be a fix to this, Tim can you adjust your update script to put any .htaccess and .httpswd files back (if exists) or to leave them alone during updates? Better yet make it a feature with Sytist to protect the admin folders this way for everyone because you can never have enough security to keep the relentless potential hackers at bay.

I have never had an issue with backup's or updates, no files have ever gone missing or bad. This would be host related. And i am running two sytist installations on the same server, no issues.

renaming your admin folder https://www.picturespro.com/sytist-manual/installa...

I wasn't aware that Sytist would work behind a .htaccess protected folder.  

Interested to find Tim's opinion on this topic.

Of course, and that is security by obscurity and that equals no security at all bud.

Spend some time going through the server logs to realize how much more sophisticated hacking is today, they certainly aren't stupid and they know what to look for.

I assure you this is not a host issue, lol. It is the installation script scooping the admin file contents as a backup.

I've been working with this software since 2013, before Sytist it was Photocart.  There was some grief getting it to work with Photocart I recall, but no problem with Sytist.