Elena1 Posted July 7, 2003

Hi everybody,

I visited my site, which has osc, and I see on the top this phrase:

Warning! :I am able to write to the configuration file: /home/fashiona/public_html/includes/configure.php. This is a potential security risk - please set the right user permissions on this file.

How could it happen!? What to do now to protect my site from hackers? I understand that my site got hit by hackerchallenge this weekend... :( Does anybody have the same problem?

Thank you in advance for helping...

Elena.

Sometimes, ignorance is not bliss.
osCfan Posted July 7, 2003

:) Relax... it's just saying that you need to change the permissions of the 2 config files (catalog/includes/config.php and catalog/admin/includes/config.php) just in case another computer can access and change them... So why is the config file so important? :? Because it contains all your website's information, such as the user name and password to your database in this case.

You need to change the permission of the two config files to 644. Do you know how to do that? Let me know if you need more help on that.

I will post more information on the security of those config files after this post. :D

Steve
osCfan Posted July 7, 2003

Here is a post by TB (Tony); it should give you some idea of how to protect the 2 config files:

There are a few things you can do to secure the admin folder.

First level of protection would be the web protection.

Next thing you could do is to move the configure.php file to behind the directories which can be accessed by the internet. (This step can be done for both catalog and admin interfaces.)

Example: Site setups vary, though this is a common setup:

Internet             File System
www.yourdomain.com = /usr/home/yourdomain/public_html/

/usr/home/yourdomain/ can't be accessed by any computer through your domain www.yourdomain.com

Move catalog/includes/configure.php
from /usr/home/yourdomain/public_html/catalog/includes/configure.php
to /usr/home/yourdomain/includes/configure_catalog.php

Once you've done this, you will need to create a new catalog/includes/configure.php. This is the code that should be inside that file.

Configure.php

<?php
// If no local test-server configuration exists, load the real settings
// from the copy stored outside the web-accessible directory.
if (!file_exists('includes/local/configure.php')) {
  require('/home/yourdomain/includes/configure_catalog.php');
}
?>

The way this code is set up, it looks to see if you're using a local test server (the includes/local/ directory shouldn't be uploaded to your web server). If you're not on a local test server, then it will load all your configuration details from the configure_catalog.php file.

The reason you'd want to put this file behind anywhere the internet could get it is because it holds your database password information.

Let me know if you need a hand setting up either of these things.

HTH,
Tony

Hope this helps :D

Steve
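The warning says the shop itself can write configure.php, so the bit that matters is the write bit of whichever class (owner, group or other) the PHP process falls into for that file; mode 644 still leaves the owner's write bit set. The shell script below is an added example, not part of the thread or of osCommerce: it checks that bit and whether the file still sits under the web root, as in Tony's post. Its function names and the owner/group/other argument are assumptions.

```shell
#!/bin/sh
# Added example, not osCommerce code; function names are hypothetical.

# class_can_write FILE CLASS: succeed if CLASS (owner|group|other) has the
# write bit on FILE. The mode string is read from ls, so the answer does not
# depend on which account runs this script.
class_can_write() {
    perms=$(ls -ld -- "$1" | cut -c1-10) || return 2
    case "$2" in
        owner) bit=$(printf '%s' "$perms" | cut -c3) ;;
        group) bit=$(printf '%s' "$perms" | cut -c6) ;;
        other) bit=$(printf '%s' "$perms" | cut -c9) ;;
        *) return 2 ;;
    esac
    [ "$bit" = "w" ]
}

# under_docroot FILE DOCROOT: succeed if FILE lives at or below DOCROOT.
under_docroot() {
    dir=$(cd "$(dirname -- "$1")" && pwd -P) || return 2
    root=$(cd "$2" && pwd -P) || return 2
    case "$dir/" in
        "$root"/*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_config FILE DOCROOT CLASS: print findings; exit status = their count.
# CLASS is the class your PHP process falls into for FILE (an assumption
# you supply; the script cannot know how your host runs PHP).
audit_config() {
    findings=0
    if class_can_write "$1" "$3"; then
        echo "WRITABLE by $3: $1"
        findings=$((findings + 1))
    fi
    if under_docroot "$1" "$2"; then
        echo "INSIDE web root: $1"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Usage: sh audit.sh /path/to/configure.php /path/to/public_html owner
if [ "$#" -eq 3 ]; then audit_config "$@"; fi
```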
Guest Posted July 7, 2003

I have checked to make sure of her 2 configure.php files, and both are chmod at 644, and I know the warning was not there on Friday.

Regards,
The_Bear
osCfan Posted July 7, 2003

So what is the problem, why is she still getting that warning? :?

Steve
Guest Posted July 7, 2003

That's what I would like to find out... how come it appeared all of a sudden like that!

The_Bear
This topic is now archived and is closed to further replies.