Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

image directory security


cooch

Recommended Posts

Posted

In order to upload new product images, the image directory must be writeable by the php scripts. Someone recently uploaded a shell program to this directory and spammed; we were lucky they didn't do more damage!

 

How do you prevent this? Do you simply change the permissions after each time you are done uploading?

 

Thanks!

Posted

you set the owner only to have write access to the images directory. So typically the dir settings will be 755.

Posted
you set the owner only to have write access to the images directory. So typically the dir settings will be 755.

 

 

Thanks for the reply. However, the way our host's webserver is set up, the php scripts are not owned by owner, but by www. This means that the directories they access have to be writeable by www, which opens them up to anyone hitting the pages via http. I tried setting the image directory to 755, but the admin section showed the "the image directory is not writeable" error, and I could not upload.

  • 5 months later...
Posted
Thanks for the reply. However, the way our host's webserver is set up, the php scripts are not owned by owner, but by www. This means that the directories they access have to be writeable by www, which opens them up to anyone hitting the pages via http. I tried setting the image directory to 755, but the admin section showed the "the image directory is not writeable" error, and I could not upload.

 

Sorry to bring this up, but did you manage to solve this problem?

 

Thanks

 

Sam

Posted
Sorry to bring this up, but did you manage to solve this problem?

 

Thanks

 

Sam

 

 

Nope. Had to keep permissions at 755 until I want to upload new products, at which time I set it to 777.

I am looking into setting the permissions to 777 via ftp, then back to 755 after uploading.

 

cooch

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...