Guest Posted April 19, 2011

Hi all,

After having my old 2.x site hacked I have upgraded to 3.0.1 and started over. I'm going through now & wanting to make sure I don't get any problems this time around so want to get the permissions & security setup right.

By default pretty much all of the directories seem to be set to 755, but the Security Directory Permissions tool in my admin panel seems to think they are all writable? The problem I am having when I try to change any permissions is that I am then locked out of my admin panel. I've read through some of the posts on here suggesting that all files should be set to 644 etc, but as soon as I do that I can't access my admin panel.

Hopefully someone can offer some advice please.

Thanks
Jon

burt Posted April 19, 2011

> After having my old 2.x site hacked I have upgraded to 3.0.1 and started over.

3 is not suitable for use on any live shop, unless the shop owner is a hardcore PHP developer. 2.3.1 is where you should be for now.

HPDL; v3.0 does not contain a full user feature set to be able to run an online store on Sparky; anyone that jumps into something which isn't even proven is asking for trouble [...] we will learn a lot before I would use it for "end users", I'm hoping the community will help shape what it becomes

A question to you, now that you are on 3. Have you tried adding a new category to your shop?

Taipo Posted April 19, 2011

> I'm going through now & wanting to make sure I don't get any problems this time around so want to get the permissions & security setup right. By default pretty much all of the directories seem to be set to 755, but the Security Directory Permissions tool in my admin panel seems to think they are all writable? The problem I am having when I try to change any permissions is that I am then locked out of my admin panel. I've read through some of the posts on here suggesting that all files should be set to 644 etc, but as soon as I do that I can't access my admin panel. Hopefully someone can offer some advice please. Thanks Jon

The problem is that there essentially are two methods used by webhosts to configure webservers. Most scripts like Oscommerce cater to the standard method where directory permissions of 755 are read only, and file permissions of 644 are also read only.

However there is another major method that webhost companies are using to configure their servers in which 755 is writable for directories and 644 is writable. Read more here: http://www.oscommerce.com/forums/topic/373047-a-chat-about-file-permissions/

In the second method of configuration, permissions are less of an issue, but you run into problems when a script demands a file be read only when some hosts disallow that setting.

The problem is that most developers are not overly familiar with this type of configuration and do not realise that file permissions are not the same security protection as they are with the first method. Yes, you can make a file read only by changing its permissions to 444, but PHP, which has owner permissions, can change the permissions back to writable.

The thing to understand with method two is that permissions are no longer the way a virtual webhost is secured against attacks.

Guest Posted April 19, 2011

Sorry guys, this was posted in the wrong forum. I am actually running 2.3. I've asked a mod to delete this post.

Guest Posted April 19, 2011

OK, so just to confuse the issue the moderator has deleted my corrected post & moved the original post into this forum. So if I may start again.

The Security Directory Permissions tool in my admin panel is showing that all of my directories are writable. I've checked & they are all set to 755 except the 2 configure.php files. If I then try to change any of those permissions I get locked out of the relevant directory.

Do I need to worry about what the security tool is telling me or is 755 an acceptable & safe setting to use across the board?

My apologies for the convoluted way of getting to the point.

Jon

Xpajun Posted April 19, 2011

755 for directories

644 for files, except the configure.php files, which should be 444 or 400 (if they work on 400)

Files rarely work if they are not readable; directories rarely allow files to be read if they (the folder) are not executable.

There is no documentation for the Security Directory Permissions tool so who knows what it is supposed to be telling you
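
An added example, not part of any post in this thread: a small audit script that checks a shop tree against the modes listed above (directories 755, files 644, configure.php 444 or 400) and also reports the case Taipo describes, where the user running the check owns configure.php and could therefore restore write permission. The function names and the idea of running it as the account PHP executes under are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not code from the thread. Run it as the account PHP executes
# under (an assumption about your host) so the ownership check is meaningful.

# Entries whose mode differs from the thread's advice:
# directories 755, files 644, configure.php 444 or 400.
mode_findings() {
    find "$1" -type d ! -perm 755 | sed 's/^/MODE dir   /'
    find "$1" -type f -name configure.php ! -perm 444 ! -perm 400 |
        sed 's/^/MODE conf  /'
    find "$1" -type f ! -name configure.php ! -perm 644 | sed 's/^/MODE file  /'
}

# configure.php files owned by the current user. On hosts where PHP runs as
# the file owner, that user can chmod a 444 file back to writable, so the
# read-only bit is not a barrier on its own.
owner_findings() {
    find "$1" -type f -name configure.php -user "$(id -u)" |
        sed 's/^/OWNER can restore write: /'
}

# Report both checks for a shop root given on the command line.
if [ "$#" -gt 0 ]; then
    mode_findings "$1"
    owner_findings "$1"
fi
```

An empty report from the mode check together with an OWNER line is the second hosting method from the thread: the modes look right, but they are not what protects the file.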

LarryD Posted May 12, 2011

Answered here...

> There is no documentation for the Security Directory Permissions tool so who knows what it is supposed to be telling you

kranthi Posted January 30, 2012

Hi,

I'm new to Oscommerce, I don't know whether this is the right area to post my problem or not.

Initially I developed my Oscommerce site on my localhost, which works fine, but when I moved the project to my office staging server (122.183.93.234), what are the changes to be made in the admin/include/configure.php file?

A quick reply will be appreciated.

Thanks

Guest Posted January 30, 2012

@kranthi,

You will need to set the actual path. The actual path depends on your server configuration and could be something like this:

/home/content/sitename/public_html/

You will need to set the actual paths in both the /includes/configure.php and the /admin/includes/configure.php files.

Chris

kranthi Posted January 30, 2012

Thank you Chris for your quick reply, finally I got the path, which is like '/opt/lamp/htdocs/website/'. Thank you for your response once again.

kranthi Posted January 30, 2012

Hi Chris, GM, do you have any idea about any chat applications which shoots for osc 2.3.1 projects? My client is asking for a chat application in the project.

A quick reply will be appreciated.

kranthi

This topic is now archived and is closed to further replies.