Results 1 to 10 of 17

Hybrid View

  1. #1
    Join Date
    Feb 2009
    Posts
    120
    Plugin Contributions
    0

    Default Re: User Permissions / Configuration / Potential Security Risk

    Quote Originally Posted by silverspring View Post
    Firstly Dbltoe, I sent you an email - did you get it ?


    Should I log in via filezilla or is it ok to do it via the host ?

    Doing it via the host when I log into my cpanel / file manager but dont see what you are referring to .....

    Log into your cpanel then go into 'file manager'. Find your 'public_html' folder, expand it and click on 'includes'. Then find the file 'configure.php'. Right click this and select change permissions. Make sure the totals read 444 and that should get rid of that message.

    Do the same for admin/includes/configure.php

  2. #2
    Join Date
    Jan 2008
    Posts
    1,700
    Plugin Contributions
    6

    Default Re: User Permissions / Configuration / Potential Security Risk

    You can also use FileZilla. Basically the same steps as above.

  3. #3
    Join Date
    Jan 2004
    Location
    N of San Antonio TX
    Posts
    9,700
    Plugin Contributions
    11

    Default Re: User Permissions / Configuration / Potential Security Risk

    Filezilla will not work if the host has that feature turned off. And, most who use cpanel do have the feature disabled.
    A little help with colors.
    myZenCartHost.com - Zen Cart Certified, PCI Compatible Hosting by JEANDRET
    Free SSL & Domain with semi-annual and longer hosting. Updating 1.5.2 and Up.

  4. #4
    Join Date
    May 2007
    Posts
    65
    Plugin Contributions
    0

    Default Re: User Permissions / Configuration / Potential Security Risk

    Quote Originally Posted by plymgary1 View Post
    Log into your cpanel then go into 'file manager'. Find your 'public_html' folder, expand it and click on 'includes'. Then find the file 'configure.php'. Right click this and select change permissions. Make sure the totals read 444 and that should get rid of that message.
    Quote Originally Posted by plymgary1 View Post

    Do the same for admin/includes/configure.php



    I found the public_html folder and assumed that I should follow the store/includes/configure.php - there I changed the permissions to 444 and ensured that the 3 boxes at the very top were ticked.

    However, where exactly is the admin/includes/configure.php -
    could you give me the full path ?

    Thanks

  5. #5
    Join Date
    Jan 2004
    Location
    N of San Antonio TX
    Posts
    9,700
    Plugin Contributions
    11

    Default Re: User Permissions / Configuration / Potential Security Risk

    both the admin/includes and the includes folders are under the public_html folder.

    public_html/admin/includes/configure.php
    public_html/includes/configure.php
    A little help with colors.
    myZenCartHost.com - Zen Cart Certified, PCI Compatible Hosting by JEANDRET
    Free SSL & Domain with semi-annual and longer hosting. Updating 1.5.2 and Up.

  6. #6
    Join Date
    May 2007
    Posts
    65
    Plugin Contributions
    0

    Default Re: User Permissions / Configuration / Potential Security Risk

    Phew ! - I think I've done it ! Thanks !

    HOWEVER, what would have changed the permissions in the first place ?

  7. #7
    Join Date
    Jan 2004
    Location
    N of San Antonio TX
    Posts
    9,700
    Plugin Contributions
    11

    Default Re: User Permissions / Configuration / Potential Security Risk

    The permissions would have been set like they were at installation. They have to be changed in order to write/change them.
    If this is not a new install, perhaps someone helping you has changed the permissions to work on the files.
    If none of the above is the case, you will need to check to see if you've been hacked.
    A little help with colors.
    myZenCartHost.com - Zen Cart Certified, PCI Compatible Hosting by JEANDRET
    Free SSL & Domain with semi-annual and longer hosting. Updating 1.5.2 and Up.

  8. #8
    Join Date
    May 2007
    Posts
    65
    Plugin Contributions
    0

    Default Re: User Permissions / Configuration / Potential Security Risk

    Having sorted one situation out another has presented itself - the images from the mainpage went missing - fortunately, I managed to re-instate them !

    The hosting is through RENTACART - guys, DONT USE THEM - seriously their support is non existent, as well as their telephone service !!!!!!!

    Browsing on their site I found the following :
    Security Announcement -- Admin Security Patch
    A vulnerability has been discovered in the admin section of the carts we use. To take advantage of this vulnerability any attacker must know the URL of your admin section.

    A link to the patch is posted below. Please download the patch file and unzip it. The file contains a readme.html with full details on how to install the security patch.

    IMPORTANT NOTE:

    There are Directories/Folders embedded in the zip. So, when you expand/unzip, you MUST tell your unzip program to expand the folders too! Otherwise you are likely to end up putting the wrong files in the wrong places.

    Follow the instructions carefully and remember, the documentation tells you exactly where to put the files. This is an ADMIN patch so all the files go under your admin directory in their respective folders.

    Click Here For Patch Download

    REMEMBER WHEN APPLYING ANY PATCHES ALWAYS DO A FULL BACKUP. That includes your MySQL database, data and your PHP/HTML/CSS/TEMPLATE/IMAGES files by downloading them to your computer.
    We can do all this for you if required.

    For 19.88 we will apply the patch, check your site, change your admin directory & update the details in your configure.php file to reflect the changes made. To purchase please click here.
    Yeah, I'd have immediate attention if I gave them £19.88 !!!!

    My gripe aside, I have downloaded the patch to my HD so now how do I install in without causing MORE PROBLEMS to the site.

    I'd appreciate help !

    Kind regards

  9. #9
    Join Date
    Jan 2004
    Location
    N of San Antonio TX
    Posts
    9,700
    Plugin Contributions
    11

    Default Re: User Permissions / Configuration / Potential Security Risk

    Please read the line in your post that starts
    A link to the patch is posted below. Please download the patch...
    I wouldn't charge a penny over $33.78 to fix this
    A little help with colors.
    myZenCartHost.com - Zen Cart Certified, PCI Compatible Hosting by JEANDRET
    Free SSL & Domain with semi-annual and longer hosting. Updating 1.5.2 and Up.

 

 

Similar Threads

  1. Security Risk - HTMLArea Image Manager
    By beasleybub in forum All Other Contributions/Addons
    Replies: 7
    Last Post: 17 Jan 2011, 06:17 AM
  2. Weird order - Korea - security risk?
    By mcarbone in forum Managing Customers and Orders
    Replies: 3
    Last Post: 26 Mar 2010, 09:53 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg