Ghoastrider Posted December 4, 2009

I am getting the following message at the top of my OScommerce catalog page:

"Warning: I am able to write to the configuration file: /home/longezpi/public_html/ruger1022receiver/OScommerce/includes/configure.php. This is a potential security risk - please set the right user permissions on this file."

Anyone know how to fix this? I have no idea how to address this message.

Phil

FIMBLE Posted December 4, 2009

> I am getting the following message at the top of my OScommerce catalog page "Warning: I am able to write to the configuration file: /home/longezpi/public_html/ruger1022receiver/OScommerce/includes/configure.php. This is a potential security risk - please set the right user permissions on this file." Anyone know how to fix this? I have no idea how to address this message. Phil

You need to CHMOD the file permissions of your catalog / includes / configure.php and your admin / includes / configure.php files to 0444, or at the highest 0644; this will remove the error.

Nic

Ghoastrider (Author) Posted December 4, 2009

Nic, I don't know what CHMOD means? I have looked at both files and have no idea where to add the numbers you suggested. I know I'm no guru at this; can you be a little more basic? Thanks in advance.

Terminum Posted December 4, 2009

Does your host have something like cPanel? CHMOD is just the file permissions which you should be able to change by logging in to your hosting account. In your file manager you should be able to edit the permission settings for files and folders. You may be able to just type in 644 or you'll have to check boxes to specify read and write permissions for various user types.

Use this permission calculator to figure out what various numbers mean: http://www.javascriptkit.com/script/script2/chmodcal.shtml

For example, 644 is:
Owner: read, write
Group: read
Other: read

Ghoastrider (Author) Posted December 4, 2009

Thanks So much!!! It's done and the warning went away. Someone sent me a private message called Airbrushmaster and told me to set it to 777. I am thankful there are others on this site that are honest and helpful. It is at a much lower number.

Ben Nevis Posted December 4, 2009

Ghoastrider, the file permissions on configure.php are a fairly basic security setting that osc warns you about. There are several other security measures you need to take that osc does not warn you about and you will likely not know about unless you have been reading the threads on security issues. If you have not done so, I would urge you urgently to do the things listed in this thread before you do anything else with your store.

FIMBLE Posted December 4, 2009

> Thanks So much!!! It's done and the warning went away. Someone sent me a private message called Airbrushmaster and told me to set it to 777. I am thankful there are others on this site that are honest and helpful. It is at a much lower number.

You should never ever set any folder / file to 777; it's just asking to be hacked.

MrPhil Posted December 4, 2009

Sometimes people will tell you to change permissions to 777 out of ignorance, not out of malice. It's rare that a directory need be 777 (but possible, read this: http://www.oscommerce.com/forums/index.php?showtopic=327395&view=findpost&p=1443272 ).

airbrushmaster Posted December 4, 2009

I sent a PM to them, but I was busy at the time; God knows why I said 777.

geoffreywalton Posted December 4, 2009

How on earth did the message go away when it was set to 777 anyway?

MrPhil Posted December 4, 2009

They said they didn't set it to 777, but to a "much lower number" (I'm guessing 444).

lianamber Posted January 5, 2010

Hello, having the same issue: I have changed the permissions, trying 644, 444 and 400, but none of them made the warning go away. Any tips? Thank you!!

MrPhil Posted January 5, 2010

444 (-r--r--r--) should work. Have you double checked that you successfully changed permissions to what you thought you did? Perhaps you thought you changed permissions, but didn't, or you changed one of the two configure.php files (not both). Note that 644 is read-write (-rw-r--r--).

lianamber Posted January 5, 2010

Changed them to 444, and the error message went away! Thanks much... hoping that doesn't mean I won't be able to change anything in the catalog...? Appreciate your time greatly!!

MrPhil Posted January 6, 2010

It means that your configure.php files have to be "unlocked" (write-enabled to 644) by you before you can change those two files. No effect on the rest of the store. The whole idea is that all sorts of difficult-to-replace configuration information is in these two files, and you want to "lock" them (make them "read only") so that they cannot be accidentally (program error) or maliciously (hacker-inserted code) destroyed or corrupted.

lianamber Posted January 6, 2010

awesome, you rock! don't know what I'd do without good samaritans like you!!!

svouratoys Posted January 6, 2010

Hi, I changed the file rights on include\configure.php and admin\include\configure.php but I still have the warning message:

"Warning: I am able to write to the configuration file: /OScommerce/includes/configure.php. This is a potential security risk - please set the right user permissions on this file."

What else do I have to do? Thank you

MrPhil Posted January 7, 2010

The first thing to do is to clear your browser cache, in case you're simply looking at an old, cached copy. If not, it sounds like you think you changed the permissions, but in fact they "didn't take" or you did it wrong. It's not uncommon for FTP utilities to not be able to change permissions, especially if it's a Windows server. Use your hosting service control panel to change permissions (to "read only" if Windows, or 444 for Linux).

svouratoys Posted January 7, 2010

> The first thing to do is to clear your browser cache, in case you're simply looking at an old, cached copy. If not, it sounds like you think you changed the permissions, but in fact they "didn't take" or you did it wrong. It's not uncommon for FTP utilities to not be able to change permissions, especially if it's a Windows server. Use your hosting service control panel to change permissions (to "read only" if Windows, or 444 for Linux).

Thank you, I changed the permission from cPanel and it worked.

OrcaSoul Posted January 16, 2010

OK, I'm getting the same message. I found this thread, and have read what I need to do - but I seem to have a problem running the command "chmod who=644 c:/xampp/htdocs/catalog/includes/configure.php" in the DOS window (my OS is Vista, my server is xampp). Is there another way to do this?

satish Posted January 16, 2010

Technically speaking, configure.php should not allow a write to any group. So make sure that this is the case.

Satish

MrPhil Posted January 16, 2010

644 is for Linux servers. It's wrong anyway (you want 444). Does Windows now permit Linux-style permissions, or the 'chmod' command? If not, you'll have to look up how to make a file "read only". I know on older versions you would do something like attrib +r filename.

ConsultMe Posted February 6, 2010

It seems my host doesn't allow permissions below 644 (however I try to CHMOD to 444 (FTP/SSH) it always changes back to 644) so I'm not able to eliminate the message, is there a work around to remove the check or is this just hiding a security flaw and not recommended?

Thanks
Andrew

germ Posted February 6, 2010

> It seems my host doesn't allow permissions below 644 (however I try to CHMOD to 444 (FTP/SSH) it always changes back to 644) so I'm not able to eliminate the message, is there a work around to remove the check or is this just hiding a security flaw and not recommended? Thanks Andrew

Most people have to use cPanel to get the permissions to change successfully. If all else fails you can turn off the message. Close to the bottom of /catalog/includes/application_top.php change this line:

define('WARN_CONFIG_WRITEABLE', 'true');

To

define('WARN_CONFIG_WRITEABLE', 'false');

BACKUP THE FILE FIRST. You break it - You bought it... :blush:

ConsultMe Posted February 6, 2010

Sorry, fixed my own problem moments later :-S running the CHMOD via php script on the server worked where FTP/SSH failed for some reason.

Andrew

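An added example, not part of the thread and not osCommerce code: a shell sketch of the double-check the replies above keep coming back to, setting both configure.php files to 444 and then re-reading the mode to confirm the change actually took (for instance when a host resets it to 644). It assumes shell access and a store root holding includes/configure.php and admin/includes/configure.php; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: lock the two configure.php files read-only and verify the result.

# Print the octal permission bits of a file (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed if any write bit (owner, group or other) is set in an octal mode.
has_write_bit() {
    [ $(( 0$1 & 0222 )) -ne 0 ]
}

# chmod one file to 444, then re-read its mode instead of trusting the chmod.
# Returns 0 only if the file really ends up with no write bits.
lock_config() {
    f=$1
    [ -f "$f" ] || { echo "missing: $f"; return 1; }
    before=$(file_mode "$f")
    chmod 444 "$f" 2>/dev/null || true
    after=$(file_mode "$f")
    if has_write_bit "$after"; then
        echo "STILL WRITABLE: $f ($before -> $after)"
        return 1
    fi
    echo "locked: $f ($before -> $after)"
}

# Lock both copies (catalog and admin); fail if either one is missing or writable.
# Assumed layout: <root>/includes/configure.php and <root>/admin/includes/configure.php
lock_store() {
    root=$1
    rc=0
    for f in "$root/includes/configure.php" "$root/admin/includes/configure.php"; do
        lock_config "$f" || rc=1
    done
    return $rc
}

# Stand-alone use: sh lock_config.sh /path/to/store/root
if [ "$#" -gt 0 ]; then
    lock_store "$1"
fi
```

A "STILL WRITABLE" line means the mode did not stick and the change has to be made another way, such as the hosting control panel mentioned in the thread.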
This topic is now archived and is closed to further replies.