Image Handler 4 (for v1.5.x) Support Thread

[DivaVocals]

there is already an htaccess file in the bmz_cache folder

I am using zen cart 1.5.1 and have become concerned about the number of hacking attempts that I see in the server error logs.I am making an effort to beef up site security and believe the images folders are vulnerable.
Image Handler4 seems to need permissions of 755 on folders in the bmz_cache and 666 on image files within the cache in order to work properly.If I protect the bmz_cache folder with htaccess is that going to be hack resistant ?

[cefyn]

there is already an htaccess file in the bmz_cache folder

Ha,yes,well,you were a bit ahead of me there then,ahem,obviously.What I am finding hard to believe is that .htaccess can protect a folder from unauthorised users even if the permissions on it and the files and folders in it are 777.I'm testing this,and it seems to be the case.Or am I missing something? And if I am, please tell me what it is.

[cefyn]

Sorry,it's an impossible question to answer.Too many ifs and buts .It will prevent browser access by anyone,but is only safe if you're on a dedicated server secured against unauthorised sshd and sftp access.

[DivaVocals]

Ha,yes,well,you were a bit ahead of me there then,ahem,obviously.What I am finding hard to believe is that .htaccess can protect a folder from unauthorised users even if the permissions on it and the files and folders in it are 777.I'm testing this,and it seems to be the case.Or am I missing something? And if I am, please tell me what it is.

Sorry,it's an impossible question to answer.Too many ifs and buts .It will prevent browser access by anyone,but is only safe if you're on a dedicated server secured against unauthorised sshd and sftp access.

You REALLY should start a new thread to discuss this.. Your general question is only moderately related to IH4.. You could apply the same question to the default images folder as well.. If you REALLY are concerned about security and .htaccess, start a new thread..

[cefyn]

Sorry ,I was a bit freaked by a couple of bruteforce password attacks and didn't ask a coherent question.The main images folder is ok with normal permissions.If I have 644 on files in the bmz_cache I keep getting errors - failed to open bmz cache for writing,permission denied in lines 645 and 655 in bmz_image_handler.class.php.It runs without errors with world write permissions.Is there something I should correct,or is that as it should be?

[lhungil]

Sorry ,I was a bit freaked by a couple of bruteforce password attacks and didn't ask a coherent question.The main images folder is ok with normal permissions.If I have 644 on files in the bmz_cache I keep getting errors - failed to open bmz cache for writing,permission denied in lines 645 and 655 in bmz_image_handler.class.php.It runs without errors with world write permissions.Is there something I should correct,or is that as it should be?

Sounds like your hosting provider may be running PHP using the web server's account (instead of an account created specifically for your website). In this case the web server's account must have write permission to the bmz_cache folder (as well as the Zen Cart image, cache, log, and other folders).

You can contact your hosting provider for more details on what permissions will be necessary (as they depend upon the server configuration). No further response to your questions about "security" and changing "permissions" will be answered by me in this thread. If your hosting provider is unable to assist you, you can start a new thread... But your hosting provider is the only one with all the relevant information on how their servers are configured.

To start a new thread click the large "Post New Thread" button (probably in the General Forum or the Installing on Linux Forum).

[cefyn]

Thank you for your patience,and your kindness in providing such a comprehensive answer.

Solved.