Need help on a security message
I didn't know if this was the right place to post this. I've posted it anyway seems it is a security risk
Hi can anybody help me out I have been going over and over and over again this problem I have looked at every single FAQ and every single bit of help I can find on this website and I can't seem to figure out why this security message will not go away
This security message is: Warning: I am able to write to the configuration file: /mnt/vol1/home/e/l/electr7/public_html/includes/configure.php. This is a potential security risk - please set the right user permissions on this file (read-only, CHMOD 644 or 444 are typical). You may need to use your webhost control panel/file-manager to change the permissions effectively. Contact your webhost for assistance.
Now I have tried to use those command codes but no matter what I do it keeps coming up with this message can anybody help me out
Any advice would be appreciated thank you in advance if you need to see this message go to my website www.electronicenterprise.co.uk
Re: Need help on a security message
login to your hosting control panel and use the file manager to set the permissions for includes/configure.php
some servers dont let low permissions be set
Re: Need help on a security message
I have figured out how to fix this problem it is very simple and very straightforward if you are still getting this message when you have entered the correct cold (644 or 444) and yet still getting the message then simply follow these instructions.
Go to includes/init_includes/init_header and edit line number 24 or 25 you need to change true to false. This then should make the message disappear and fix the problem the reason for this is that zen cart is out of date and can not use the new version of PHP if this does not fix your problem then you are doing something wrong.
Re: Need help on a security message
The problem of the write to config files Error msg. has long ago, been discussed and resolved.
The problem is not the PHP version used nor Zen Cart having problems but instead, it is dependent upon how the Server is setup to run PHP; as an Apache module or as CGI.
Re: Need help on a security message
we run php 5+ on all of our servers and do not have this issue,.
you need to make sure that by changing the settings in the core file that you are indeed secure.
would kinda suck for you if someone were to run an install script then run the results against your site and overwrite your configure file,
Much better to go into your control panel, go to their file manager and set the permisions there since changing to 444 on most systems is not availabel using ftp software
Re: Need help on a security message
I've just run into this php-cgiwrap issue today as a matter of fact. didn't matter wether I ran php4 or php5. Both of my config files had 444 permissions and when php-cgiwrap was installed, I suddenly got the "no input file selected" error. Disabling php-cgiwrap instantly got rid of the error.
So I guess what I want to know is how to run php-cgiwrap and not get the error message. another thread mentioned making an override for an init file but the particular init file did not exist in my installation, so I'm not sure if that is still a valid workaround or not.
Any thoughts on this recurring topic?