Page 1 of 2 12 LastLast
Results 1 to 10 of 17
  1. #1
    Join Date
    May 2007
    Posts
    65
    Plugin Contributions
    0

    Default User Permissions / Configuration / Potential Security Risk?

    On my site, winniesonline.co.uk the following appeared. Why and how do I fix it ?


    Warning: I am able to write to the configuration file: /home/winnieso/public_html/store/includes/configure.php. This is a potential security risk - please set the right user permissions on this file (read-only, CHMOD 644 or 444 are typical). You may need to use your webhost control panel/file-manager to change the permissions effectively. Contact your webhost for assistance.



    I would appreciate help to sort the problem.

    Thanks

  2. #2
    Join Date
    Oct 2006
    Location
    Alberta, Canada
    Posts
    4,571
    Plugin Contributions
    1

    Default Re: User Permissions / Configuration / Potential Security Risk

    Start with a blank text file and inside put the following code:

    <?php
    chmod("includes/configure.php", 0444);
    chmod("admin/includes/configure.php", 0444);
    echo 'Completed'
    ?>


    Note: if you renamed the 'admin' directory then change "admin" to whatever you renamed it to and you're good to go.

    Save the file as chmod.php and upload it to the same directory where these files are:
    index.php - ipn_main_handler.php - nddbc.html

    Now load this URL into your Browser: http://yoursite.com/chmod.php
    (adjust URL accordingly if Zen Cart is in a sub-directory)

    Once you see the 'Completed' msg. then load your Zen Cart "index" page to verify Error msg. is gone.

    Now delete the chmod.php page/file.

  3. #3
    Join Date
    Jan 2004
    Location
    N of San Antonio TX
    Posts
    9,691
    Plugin Contributions
    11

    Default Re: User Permissions / Configuration / Potential Security Risk

    OR...
    You have cpanel. Why not use the file manager inside cpanel to change the permissions.
    Click on file manager, Select Web Root, double-click "includes" in the right-hand panel, find the configure.php file, right-click it, and select Change Permissions. Make sure the only check marks are the three across the top for Read. The numbers at the bottom should read 444.
    Click the Change Permissions button and you're done.
    A little help with colors.
    myZenCartHost.com - Zen Cart Certified, PCI Compatible Hosting by JEANDRET
    Free SSL & Domain with semi-annual and longer hosting. Updating 1.5.2 and Up.

  4. #4
    Join Date
    May 2007
    Posts
    65
    Plugin Contributions
    0

    Default Re: User Permissions / Configuration / Potential Security Risk

    Firstly Dbltoe, I sent you an email - did you get it ?


    Should I log in via filezilla or is it ok to do it via the host ?

    Doing it via the host when I log into my cpanel / file manager but dont see what you are referring to .....

  5. #5
    Join Date
    Feb 2009
    Posts
    120
    Plugin Contributions
    0

    Default Re: User Permissions / Configuration / Potential Security Risk

    Quote Originally Posted by silverspring View Post
    Firstly Dbltoe, I sent you an email - did you get it ?


    Should I log in via filezilla or is it ok to do it via the host ?

    Doing it via the host when I log into my cpanel / file manager but dont see what you are referring to .....

    Log into your cpanel then go into 'file manager'. Find your 'public_html' folder, expand it and click on 'includes'. Then find the file 'configure.php'. Right click this and select change permissions. Make sure the totals read 444 and that should get rid of that message.

    Do the same for admin/includes/configure.php

  6. #6
    Join Date
    Jan 2008
    Posts
    1,700
    Plugin Contributions
    6

    Default Re: User Permissions / Configuration / Potential Security Risk

    You can also use FileZilla. Basically the same steps as above.

  7. #7
    Join Date
    Jan 2004
    Location
    N of San Antonio TX
    Posts
    9,691
    Plugin Contributions
    11

    Default Re: User Permissions / Configuration / Potential Security Risk

    Filezilla will not work if the host has that feature turned off. And, most who use cpanel do have the feature disabled.
    A little help with colors.
    myZenCartHost.com - Zen Cart Certified, PCI Compatible Hosting by JEANDRET
    Free SSL & Domain with semi-annual and longer hosting. Updating 1.5.2 and Up.

  8. #8
    Join Date
    May 2007
    Posts
    65
    Plugin Contributions
    0

    Default Re: User Permissions / Configuration / Potential Security Risk

    Quote Originally Posted by plymgary1 View Post
    Log into your cpanel then go into 'file manager'. Find your 'public_html' folder, expand it and click on 'includes'. Then find the file 'configure.php'. Right click this and select change permissions. Make sure the totals read 444 and that should get rid of that message.
    Quote Originally Posted by plymgary1 View Post

    Do the same for admin/includes/configure.php



    I found the public_html folder and assumed that I should follow the store/includes/configure.php - there I changed the permissions to 444 and ensured that the 3 boxes at the very top were ticked.

    However, where exactly is the admin/includes/configure.php -
    could you give me the full path ?

    Thanks

  9. #9
    Join Date
    Jan 2004
    Location
    N of San Antonio TX
    Posts
    9,691
    Plugin Contributions
    11

    Default Re: User Permissions / Configuration / Potential Security Risk

    both the admin/includes and the includes folders are under the public_html folder.

    public_html/admin/includes/configure.php
    public_html/includes/configure.php
    A little help with colors.
    myZenCartHost.com - Zen Cart Certified, PCI Compatible Hosting by JEANDRET
    Free SSL & Domain with semi-annual and longer hosting. Updating 1.5.2 and Up.

  10. #10
    Join Date
    May 2007
    Posts
    65
    Plugin Contributions
    0

    Default Re: User Permissions / Configuration / Potential Security Risk

    Phew ! - I think I've done it ! Thanks !

    HOWEVER, what would have changed the permissions in the first place ?

 

 
Page 1 of 2 12 LastLast

Similar Threads

  1. Security Risk - HTMLArea Image Manager
    By beasleybub in forum All Other Contributions/Addons
    Replies: 7
    Last Post: 17 Jan 2011, 06:17 AM
  2. Weird order - Korea - security risk?
    By mcarbone in forum Managing Customers and Orders
    Replies: 3
    Last Post: 26 Mar 2010, 09:53 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg