Chadduck
Posted June 29, 2023

I am in the process of migrating from a previous version of OSC and am just getting started. At present the basics are in place; both the frontend and backend load. Before I go further I want to get some basic security in place, such as:

- Changing permissions on the configure.php from 644 to 444
- Setting up htaccess/htpasswd

NOW - Perhaps I am still living in the stone age with security however I was taught long ago that one of the easiest ways to get hacked was to leave an admin directory named as admin, e.g. http://www.mysite.com/admin

Within the OSC v4 admin is there a place to rename directories? SPECIFICALLY the admin directory.

IF NOT, besides these, what else needs to have the directory "admin" renamed?

<your store directory>/includes/configure.php
<your store directory>/admin/includes/configure.php
<your store directory>/admin/includes/local/configure.php

BJ

Jack_mcs
Posted June 29, 2023

4 hours ago, Chadduck said:
> Perhaps I am still living in the stone age with security however I was taught long ago that one of the easiest ways to get hacked was to leave an admin directory named as admin

Still correct.

4 hours ago, Chadduck said:
> Within the OSC v4 admin is there a place to rename directories? SPECIFICALLY the admin directory.

I'm not aware of that being available, and it would be a mistake, in my opinion, if there is. It would just be a catastrophe waiting to happen. However, there is a place to change it when installing the package.

4 hours ago, Chadduck said:
> besides these what else needs to have the directory "admin" renamed?

That should be it.

Chadduck (Author)
Posted June 29, 2023

29 minutes ago, Jack_mcs said:
> I'm not aware of that being available and would be a mistake, in my opinion, if there is. It would just be a catastrophe waiting to happen. However, there is a place to change it when installing the package.

@Jack_mcs When I install just about anything anymore I do screen captures of the installation screens that appear. After reviewing those captures, I did not locate the "place" that you said exists. Not saying it doesn't, or that at one time it didn't, only that I do not see it on the screen captures.

Screen 1 is the Unpack screen
Screen 2 is the license agreement
Screen 3 is the Pre-installation Check
Screen 4 is the Database Access
Screen 5 is the Settings (General & Contact information)
Screen 6 is the Administrator Account
Screen 7 is Complete the installation

I installed OSC v 4.12 - perhaps that option was removed?

BJ

pandrei
Posted June 29, 2023

6 hours ago, Chadduck said:
> Within the OSC v4 admin is there a place to rename directories? SPECIFICALLY the admin directory.

1) Change the name of the admin directory
2) Change the value of the following constant in /admin/includes/local/configure.php:

```php
define('DIR_WS_ADMIN', '/admin/');
```

6 hours ago, Chadduck said:
> Changing permissions on the configure.php from 644 to 444

It is possible only for the configure.php in the local sub-directory, because the includes/configure.php should be able to change with system updates.

Chadduck (Author)
Posted June 29, 2023

1 hour ago, pandrei said:
> 2) Change the value of the following constant in /admin/includes/local/configure.php: define('DIR_WS_ADMIN', '/admin/');

But the information also appears in the two other configure.php files. Are you saying that it is not necessary to also change those?

BJ

pandrei
Posted June 30, 2023

6 hours ago, Chadduck said:
> But the information also appears in the two other configure.php files. Are you saying that it is not necessary to also change those?

Do you mean configure-sample.php and admin/includes/configure.php? They don't need to be changed.

Chadduck (Author)
Posted June 30, 2023 (edited)

7 hours ago, pandrei said:
> Do you mean configure-sample.php and admin/includes/configure.php?

@pandrei These are the files to which I am referring:

<your store directory>/includes/configure.php
<your store directory>/admin/includes/configure.php
<your store directory>/admin/includes/local/configure.php

You identified /admin/includes/local/configure.php

What about the other two?

BJ

Edited June 30, 2023 by Chadduck

pandrei
Posted July 1, 2023

On 6/30/2023 at 4:11 PM, Chadduck said:
> <your store directory>/includes/configure.php
> <your store directory>/admin/includes/configure.php

I don't see an occurrence in these files. Could you show it with line numbers?

Chadduck (Author)
Posted July 1, 2023 (edited)

@pandrei I am uncertain to what you are referring to "Could you show it with line numbers?" as these are ACTUAL files within the identified directories.

Below is a screen capture of the "/admin/includes" directory

Edited July 1, 2023 by Chadduck

pandrei
Posted July 1, 2023

4 minutes ago, Chadduck said:
> I am uncertain to what you are referring to "Could you show it with line numbers?" as these are ACTUAL files within the identified directories.

I mean this:

On 6/30/2023 at 1:44 AM, Chadduck said:
> But the information also appears in the two other configure.php files.

Could you show the part of these files where the information appears?

Chadduck (Author)
Posted July 1, 2023 (edited)

1 hour ago, pandrei said:
> Could you show the part of these files where the information appears?

@pandrei CERTAINLY

From the admin/includes/configure.php

```php
// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
defined('HTTP_SERVER') or define('HTTP_SERVER', 'http://localhost'); // eg, http://localhost - should not be empty for productive servers
defined('HTTPS_SERVER') or define('HTTPS_SERVER', 'http://localhost'); // eg, http://localhost - should not be empty for productive servers
defined('HTTP_CATALOG_SERVER') or define('HTTP_CATALOG_SERVER', 'http://localhost');
defined('HTTPS_CATALOG_SERVER') or define('HTTPS_CATALOG_SERVER', 'http://localhost');
defined('ENABLE_SSL_CATALOG') or define('ENABLE_SSL_CATALOG', false); // secure webserver for catalog module
defined('DIR_FS_DOCUMENT_ROOT') or define('DIR_FS_DOCUMENT_ROOT', $_SERVER['DOCUMENT_ROOT']); // where the pages are located on the server
defined('DIR_WS_ADMIN') or define('DIR_WS_ADMIN', '/trueloaded/admin/'); // absolute path required
defined('DIR_FS_ADMIN') or define('DIR_FS_ADMIN', DIR_FS_DOCUMENT_ROOT . DIR_WS_ADMIN); // absolute path required
defined('DIR_WS_CATALOG') or define('DIR_WS_CATALOG', '/trueloaded/'); // absolute path required
defined('DIR_FS_CATALOG') or define('DIR_FS_CATALOG', DIR_FS_DOCUMENT_ROOT . DIR_WS_CATALOG); // absolute path required
defined('DIR_WS_HTTP_ADMIN_CATALOG') or define('DIR_WS_HTTP_ADMIN_CATALOG', 'admin/');
defined('DIR_WS_IMAGES') or define('DIR_WS_IMAGES', 'images/');
defined('DIR_WS_ICONS') or define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
defined('DIR_WS_CATALOG_IMAGES') or define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');
defined('DIR_WS_INCLUDES') or define('DIR_WS_INCLUDES', 'includes/');
defined('DIR_WS_BOXES') or define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
defined('DIR_WS_FUNCTIONS') or define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
defined('DIR_WS_CLASSES') or define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
defined('DIR_WS_MODULES') or define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
defined('DIR_WS_AFFILATES') or define('DIR_WS_AFFILATES', DIR_WS_CATALOG . 'affiliates/');
defined('DIR_FS_AFFILATES') or define('DIR_FS_AFFILATES', DIR_FS_CATALOG . 'affiliates/');
defined('DIR_FS_CATALOG_IMAGES') or define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');
defined('DIR_FS_CATALOG_MODULES') or define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');
defined('DIR_FS_BACKUP') or define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');
defined('DIR_FS_CATALOG_XML') or define('DIR_FS_CATALOG_XML', DIR_FS_CATALOG . 'admin/xml/');
defined('DIR_FS_DOWNLOAD') or define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
```

And from the includes/configure.php starting Line 240

```php
define('DIR_WS_HTTP_ADMIN_CATALOG', 'admin/');
define('DIR_WS_IMAGES', 'images/');
define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
define('DIR_WS_INCLUDES', 'includes/');
define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
define('DIR_WS_AFFILIATES', 'affiliates/');
```

Edited July 1, 2023 by Chadduck

pandrei
Posted July 1, 2023

Thanks. DIR_WS_HTTP_ADMIN_CATALOG is an old and rare constant, but it can still be used.

50 minutes ago, Chadduck said:
> From the admin/includes/configure.php

You can change it like this:

```php
defined('DIR_WS_HTTP_ADMIN_CATALOG') or define('DIR_WS_HTTP_ADMIN_CATALOG', ltrim(DIR_WS_ADMIN, '/'));
```

51 minutes ago, Chadduck said:
> And from the includes/configure.php starting Line 240

Change to

```php
define('DIR_WS_HTTP_ADMIN_CATALOG', 'your_new_admin_dir/');
```
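
Added example, not part of any post above and not osCommerce code: a shell audit to run after renaming the admin directory, which lists the define() lines in the three configure.php files that still carry a literal admin/ value and checks whether the local configure.php is read-only. The new directory name backoffice, the function names, and the assumption that local/configure.php is loaded before the guarded defaults are illustrative.

```shell
#!/bin/sh
# Added example, not project code. File paths and constant names are the ones
# quoted in the thread; "backoffice" is a made-up new directory name.

# stale_admin_defines STORE NEW_ADMIN
# Lists define() lines for DIR_*ADMIN* constants whose literal value still ends
# in "admin/". "default" lines are guarded by defined(...) or, so a define made
# earlier wins (assumed: local/configure.php is loaded first); "hard" lines are not.
stale_admin_defines() {
  store=$1; new=$2
  for f in includes/configure.php "$new/includes/configure.php" \
           "$new/includes/local/configure.php"; do
    [ -f "$store/$f" ] || continue
    LC_ALL=C grep -nE "define\('DIR_[A-Z_]*ADMIN[A-Z_]*', *'([^']*/)?admin/'" "$store/$f" |
    while IFS= read -r hit; do
      case $hit in
        *"defined("*) kind=default ;;
        *)            kind=hard ;;
      esac
      printf '%s %s:%s\n' "$kind" "$f" "${hit%%:*}"
    done
  done
}

# local_config_mode STORE NEW_ADMIN
# Reports whether <admin>/includes/local/configure.php still has any write bit set.
local_config_mode() {
  case $(ls -ld "$1/$2/includes/local/configure.php" | cut -c2-10) in
    *w*) echo writable ;;
    *)   echo read-only ;;
  esac
}

# make_sample DIR: constructed tree in which admin/ was already renamed to backoffice/.
make_sample() {
  mkdir -p "$1/includes" "$1/backoffice/includes/local"
  echo "define('DIR_WS_HTTP_ADMIN_CATALOG', 'admin/');" > "$1/includes/configure.php"
  echo "defined('DIR_WS_ADMIN') or define('DIR_WS_ADMIN', '/trueloaded/admin/');" \
    > "$1/backoffice/includes/configure.php"
  echo "define('DIR_WS_ADMIN', '/trueloaded/backoffice/');" \
    > "$1/backoffice/includes/local/configure.php"
  chmod 444 "$1/backoffice/includes/local/configure.php"
}

demo=$(mktemp -d) && make_sample "$demo"
stale_admin_defines "$demo" backoffice
local_config_mode "$demo" backoffice
rm -rf "$demo"
```

Output is one line per finding in the form `kind file:line`; an empty result means no literal admin/ value remains in those three files.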