both the admin/includes and the includes folders are under the public_html folder.
public_html/admin/includes/configure.php
public_html/includes/configure.php
both the admin/includes and the includes folders are under the public_html folder.
public_html/admin/includes/configure.php
public_html/includes/configure.php
A little help with colors.
myZenCartHost.com - Zen Cart Certified, PCI Compatible Hosting by JEANDRET
Free SSL & Domain with semi-annual and longer hosting. Updating 1.5.2 and Up.
Phew ! - I think I've done it ! Thanks !
HOWEVER, what would have changed the permissions in the first place ?
The permissions would have been set like they were at installation. They have to be changed in order to write/change them.
If this is not a new install, perhaps someone helping you has changed the permissions to work on the files.
If none of the above is the case, you will need to check to see if you've been hacked.
A little help with colors.
myZenCartHost.com - Zen Cart Certified, PCI Compatible Hosting by JEANDRET
Free SSL & Domain with semi-annual and longer hosting. Updating 1.5.2 and Up.
Having sorted one situation out another has presented itself - the images from the mainpage went missing - fortunately, I managed to re-instate them !
The hosting is through RENTACART - guys, DONT USE THEM - seriously their support is non existent, as well as their telephone service !!!!!!!
Browsing on their site I found the following :
Yeah, I'd have immediate attention if I gave them £19.88 !!!!Security Announcement -- Admin Security Patch
A vulnerability has been discovered in the admin section of the carts we use. To take advantage of this vulnerability any attacker must know the URL of your admin section.
A link to the patch is posted below. Please download the patch file and unzip it. The file contains a readme.html with full details on how to install the security patch.
IMPORTANT NOTE:
There are Directories/Folders embedded in the zip. So, when you expand/unzip, you MUST tell your unzip program to expand the folders too! Otherwise you are likely to end up putting the wrong files in the wrong places.
Follow the instructions carefully and remember, the documentation tells you exactly where to put the files. This is an ADMIN patch so all the files go under your admin directory in their respective folders.
Click Here For Patch Download
REMEMBER WHEN APPLYING ANY PATCHES ALWAYS DO A FULL BACKUP. That includes your MySQL database, data and your PHP/HTML/CSS/TEMPLATE/IMAGES files by downloading them to your computer.
We can do all this for you if required.
For 19.88 we will apply the patch, check your site, change your admin directory & update the details in your configure.php file to reflect the changes made. To purchase please click here.
My gripe aside, I have downloaded the patch to my HD so now how do I install in without causing MORE PROBLEMS to the site.
I'd appreciate help !
Kind regards
Please read the line in your post that startsI wouldn't charge a penny over $33.78 to fix thisA link to the patch is posted below. Please download the patch...![]()
A little help with colors.
myZenCartHost.com - Zen Cart Certified, PCI Compatible Hosting by JEANDRET
Free SSL & Domain with semi-annual and longer hosting. Updating 1.5.2 and Up.
Hi,
I'm new to Zen, having used osCommerce before. As an aside, I'm surprised at the similarities between the two... and the differences!!
Anyway, I recently had a problem with an osCommerce install where it required certain folders to have file permissions set to 777. That lead to Russian hackers (so my host told me) writing files to those folders that basically allowed click throughs elsewhere. It was suggested by the osC forums that no folder should be set to anything more than 755.
Now I find a similar vulnerability with Zen. So, will it work with 755 or is there a way to prevent this happening?
Thanks,
Schneckster
Re-reading my previous post, it isn't clear.
What I meant to say was that the suggestions for osC were to set permissions to 755 and rely on suexec on the PHP server. But this is only available on PHP 5+. My server is currently PHP4.49 so this wouldn't work.
Zen has similar suggestions (no mention of suexec, though). Will Zen still work with permissions of 755 without the latest version of PHP?
Schneckster
Yes, Zen Cart is technically "sone of osc", but the is NOT your daddy's shopping cart! In 2004, OSC got some ideas that didn't jive with what some of the folks had in mind. An agreement was made to "divide and conquer". I believe ZC won.
Anyway, unless you mess with it, Zen Cart will install the files with the proper permissions. After installation, you will need to change the permissions on two files (both configure.php).
You will need to due the security patch as it is not incorporated in the 1.3.8a as yet.
You will need to create a custom directory to keep customized files from being overwritten when you upgrade.
You will need to delete the install directory and rename the admin directory (this means you'll have to edit BOTH config files) and set the permissions back to 444 for the config files.
If you are storing any credit card data, you will want to add the PCI patch as well.
A little help with colors.
myZenCartHost.com - Zen Cart Certified, PCI Compatible Hosting by JEANDRET
Free SSL & Domain with semi-annual and longer hosting. Updating 1.5.2 and Up.