  1. #1
    Join Date
    Jan 2010
    Posts
    28
    Plugin Contributions
    0

    security warning configure.php

    new zen cart 1.3.8
    installed using cPanel.
    Not yet on a local machine.

    Changed permissions on a bunch of files and folders as per the doc included in Zen cart.
    This big warning showed up at the top of the cart:

    Warning: I am able to write to the configuration file: /home/xxxxxxx/public_html/store/includes/configure.php. This is a potential security risk - please set the right user permissions on this file (read-only, CHMOD 644 or 444 are typical). You may need to use your webhost control panel/file-manager to change the permissions effectively. Contact your webhost for assistance.

    I have changed the permissions back to their original settings but the message still appears.

    I must admit I'm very confused about how to set up the store since the info is very different in the docs, in the book, and on this forum.

    Should I just remove the store and reinstall?

    Thanks for your help.

    Joe

  2. #2
    Join Date
    Jul 2006
    Location
    Montreal, Canada
    Posts
    2,279
    Plugin Contributions
    0

    Re: security warning configure.php

    Follow the doc or book to set permissions for your files and folders. Now, depending on server configuration, CHMOD 644 or 444 will work for files. If you tried CHMOD 644 on the configure.php file and the warning is still there, try CHMOD 444.

  3. #3
    Join Date
    Aug 2004
    Location
    New York City
    Posts
    7,174
    Plugin Contributions
    0

    Re: security warning configure.php

    How are you setting the permissions? Are you sure the permissions are changed?
    Mary Ellen
    I came; I saw; I Zenned
    Taking over the world... one website at a time
    Make sure brain is engaged before putting mouth in gear... or fingers to keyboard.

    Holzheimer
    Fan Odyssey

  4. #4
    Join Date
    Jan 2010
    Posts
    28
    Plugin Contributions
    0

    Re: security warning configure.php

    I'm using cPanel File Manager to change the permissions.
    I've tried 644 and 444 and still have the same message.
    The folks at host papa have tried changing the permissions manually and the message still appears!

    Any other options you can think of?

    Thanks

  5. #5
    Join Date
    Jan 2010
    Posts
    28
    Plugin Contributions
    0

    Re: security warning configure.php

    I'm using cPanel File Manager to change the permissions. I don't really get why I had to change them in the first place. All very confusing for me.

  6. #6
    Join Date
    Feb 2010
    Posts
    1
    Plugin Contributions
    0

    Re: security warning configure.php

    Hi, I am experiencing the exact same problem. I have changed the file permissions to all listed, yet the message still remains the same. I have rechecked to make sure the permissions have changed and they appear to be what I have set them to both in the CP of my host and through my FTP.

    Can anyone help?

  7. #7
    Join Date
    Jun 2005
    Location
    Cumbria, UK
    Posts
    10,266
    Plugin Contributions
    3

    Re: security warning configure.php

    Quote: Originally posted by joez5374
    All very confusing for me

    Permissions relate to whether a file / folder is:

    readable (by user, group, world)
    writeable (by user, group, world)
    executable (by user, group, world)

    Depending on the file / folder, permissions need to be restricted, to prevent unauthorized people from writing to, or even executing such files / folders (and their contents).

    Because the configure files contain such sensitive data, they must be READABLE ONLY.

    On most servers, this CHMOD setting is 444 (or 0444) = READ ONLY for user AND group AND world.

    Some servers are configured to allow 644 (0644) without generating the ZC security warning, but I always set to 444 regardless.

    If, after setting to 444, you are still getting the warning, then a server configuration issue is usually the case, and your host should sort this out.

    It is common for servers NOT to allow chmod to 444 via an FTP program, and this level can only be set at the CPanel.

    If your host has tried the setting at 444, and cannot explain the re-appearance of the ZC warning, then start to have doubts about your host's knowledge of server configuration.
    20 years a Zencart User
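
Added example (not part of the original posts and not Zen Cart's code): a shell function that applies the user/group/world write check described above, showing why 644 can still leave configure.php writable when PHP runs as the file's owner, while 444 does not. The uid/gid values are constructed, `write_class` and `check_file` are hypothetical helper names, and `check_file` assumes GNU `stat`.

```shell
#!/bin/sh
# write_class MODE FILE_UID FILE_GID PROC_UID "PROC_GIDS"
# Prints the permission class that lets the process write to the file
# (root, user, group or world), or "none" if it cannot write.
write_class() {
    mode=$((0$1)); fuid=$2; fgid=$3; puid=$4; pgids=$5
    # root bypasses the mode bits entirely
    if [ "$puid" -eq 0 ]; then echo root; return; fi
    # The owner is judged on the user bits only, even if group/world allow more
    if [ "$puid" -eq "$fuid" ]; then
        [ $((mode & 0200)) -ne 0 ] && echo user || echo none
        return
    fi
    # A non-owner in the file's group is judged on the group bits only
    for g in $pgids; do
        if [ "$g" -eq "$fgid" ]; then
            [ $((mode & 0020)) -ne 0 ] && echo group || echo none
            return
        fi
    done
    # Everyone else is judged on the world bits
    [ $((mode & 0002)) -ne 0 ] && echo world || echo none
}

# check_file PATH: apply the same check to a real file for the current process.
# Assumes GNU stat (-c); run it as the same user the web server's PHP runs as.
check_file() {
    info=$(stat -c '%a %u %g' "$1") || return 1
    set -- "$1" $info
    printf '%s mode=%s write-via=%s\n' "$1" "$2" \
        "$(write_class "$2" "$3" "$4" "$(id -u)" "$(id -G)")"
}

# Constructed scenario: configure.php owned by hosting account uid/gid 1001.
echo "644, PHP runs as owner (uid 1001): $(write_class 644 1001 1001 1001 1001)"
echo "444, PHP runs as owner (uid 1001): $(write_class 444 1001 1001 1001 1001)"
echo "644, PHP runs as separate uid 99:  $(write_class 644 1001 1001 99 99)"
```

A result other than `none` means the process can write to the file, which is the condition the Zen Cart warning text describes.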

  8. #8
    Join Date
    Jan 2004
    Posts
    66,445
    Plugin Contributions
    81

    Re: security warning configure.php

    Quote: Originally posted by centaur
    HOWEVER, I would be interested as to why this happened after months of smooth activity. I can't help suspecting hacker activity however slight.
    Exactly. So, you need to work with your hosting company to sort out exactly what happened and why.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  9. #9
    Join Date
    Mar 2010
    Posts
    2
    Plugin Contributions
    0

    Re: security warning configure.php

    Hi,

    Am new to Zen Cart, but also getting the warning. Have tried all ways to set from 644 to 444, but not happening, and I don't want to put info up and advertise to the world there may be a way in to hack.

    Sadly I cannot get to the thread that tells you how to stop this coming up, i.e. suppress the message. Any help is appreciated, as I switched to Zen Cart after losing 2 months' work with Joomla, and the backups failed.

    cheers Adam

  10. #10
    Join Date
    Oct 2006
    Location
    Alberta, Canada
    Posts
    4,571
    Plugin Contributions
    1

    Re: security warning configure.php

    Start with a blank text file and inside put the following code:

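    <?php
    // Set both configure.php files to read-only; chmod() returns false on failure.
    foreach (array("includes/configure.php", "admin/includes/configure.php") as $file) {
        if (!chmod($file, 0444)) {
            die('Failed: ' . $file);
        }
    }
    echo 'Completed';
    ?>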


    Note: if you renamed the 'admin' directory then change "admin" to whatever you renamed it to and you're good to go.

    Save the file as chmod.php and upload it to the same directory where these files are:
    index.php - ipn_main_handler.php - nddbc.html

    Now load this URL into your Browser: http://yoursite.com/chmod.php
    (adjust URL accordingly if Zen Cart is in a sub-directory)

    Once you see the 'Completed' msg. then load your Zen Cart "index" page to verify Error msg. is gone.

    Now delete the chmod.php page.

 

 