What folder is the Web Configuration file in?


ALL4739

Posted

Have old 2.2.3 that has a problem with hackers uploading .PHP files in the image folder and executing a complete website from that location. Have a donated script: http://addons.oscommerce.com/info/7894 that appears it will work but can't find the Web Configuration file it refers to. Anyone???

Posted

It's in a zipped folder, which you can extract with Windows Explorer. That said, I'm not sure how a web.config file works or where it goes. It doesn't appear to be an .htaccess file, which is the usual way to protect a Linux (Apache server) directory. Maybe it's for IIS?

Posted

I went back and looked at the addon and it is a zipped file and does mention IIS. I think you are right. You mention the .htaccess file. There is one in the image directory. I wonder if this exposure to the image file was corrected with a new version of OS? I just need something to keep .php files from being loaded into the image folder. Maybe where all the defines are in the config file would be a place to look. Any suggestions from anyone would be a great help. I am 71 and the ol' noggin isn't what it used to be. (neither is the website)

Posted

This is the standard /catalog/images/.htaccess file, used to prevent PHP files from being executed from images:

# $Id$
#
# This is used to restrict access to this folder to anything other
# than images

# Prevents any script files from being accessed from the images folder
<FilesMatch "\.(php([0-9]|s)?|s?p?html|cgi|pl|exe)$">
Order Deny,Allow
Deny from all
</FilesMatch>

Options -Indexes

Note that it doesn't prevent such files from being uploaded in the first place -- that sounds like you may have overly generous permissions in the directory, such as 777 (should be 755). Also, some hosts don't allow "Options" commands, so you may have to comment out (#) that line if you get a 500 or Internal Server error.
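
An added example (not part of the original posts or of osCommerce itself): a small Python audit that applies the same extension pattern as the FilesMatch rule above to list script files already sitting under the images directory, reports world-writable directories (such as 777), and checks that the .htaccess still has an active FilesMatch block. The function name `audit_images_dir` and the default `images` path are assumptions.

```python
import json
import os
import re
import stat
import sys

# Same extension pattern as the FilesMatch rule quoted in the post above.
# Case-insensitive so the report does not depend on how a name was typed.
SCRIPT_RE = re.compile(r"\.(php([0-9]|s)?|s?p?html|cgi|pl|exe)$", re.IGNORECASE)


def audit_images_dir(root):
    """Return a report for `root` (hypothetical helper, not osCommerce code)."""
    report = {"script_files": [], "world_writable": [], "htaccess_has_rule": False}

    # 1. Is there an .htaccess with a FilesMatch block that is not commented out?
    htaccess = os.path.join(root, ".htaccess")
    if os.path.isfile(htaccess):
        with open(htaccess, encoding="utf-8", errors="replace") as fh:
            for line in fh:
                text = line.strip().lower()
                if text.startswith("<filesmatch"):
                    report["htaccess_has_rule"] = True

    # 2. Walk the tree: flag script-type files and world-writable directories.
    for dirpath, _dirnames, filenames in os.walk(root):
        if os.stat(dirpath).st_mode & stat.S_IWOTH:
            report["world_writable"].append(os.path.relpath(dirpath, root))
        for name in filenames:
            if SCRIPT_RE.search(name):
                full = os.path.join(dirpath, name)
                report["script_files"].append(os.path.relpath(full, root))

    report["script_files"].sort()
    report["world_writable"].sort()
    return report


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "images"  # assumed path
    print(json.dumps(audit_images_dir(target), indent=2))
```

Any path listed under `script_files` is a file that should not be in an images folder at all, and any directory under `world_writable` is a candidate for the 755 permission mentioned above.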

Archived

This topic is now archived and is closed to further replies.
