My File Upload Path under system configuration and Directory URL in the admin panel have been changed twice in the past two months and it is not by me. I have changed my admin file since the first time and now it happened again. I am not sure if someone hacked in to my account or if its a bug. Has anyone else experience this problem?
1) I use www.yoursite.com for directory url and the www was striped below to yoursite.com
2) My path is striped of the back slash and all the letters were not separated except a back slash at the end.
File Upload Path: The full path (not URL) of your attachments directory. Include trailing / or \. Best guess: it's probably /www/f/fd/yoursite.com/admin now became wwwffdyoursite.comadmin/
The changing has nothing to with security. If somebody hacked you, they would find more things to do than simply remove slashes. It is a known issue that slashes occasionally vanish from the file path. I've not yet seen a pattern to indicate when/how this happens, except it seems kind of like it happens to me around when the server is rebooted.
3.20 allows specification of $uploadpath = '/www/...'; in config.php to prevent such issues, but 3.15 doesn't.
Paul wrote: The changing has nothing to with security. If somebody hacked you, they would find more things to do than simply remove slashes. It is a known issue that slashes occasionally vanish from the file path. I've not yet seen a pattern to indicate when/how this happens, except it seems kind of like it happens to me around when the server is rebooted.
3.20 allows specification of $uploadpath = '/www/...'; in config.php to prevent such issues, but 3.15 doesn't.
The www removal I have never seen or heard about.
Paul, Is it possible for me to just update only the admin files in the upgrade to 3.20 so i can correct this error and receive any additional benifits with the admin changes you have made? I rather not update to the new templates since I am sastified with my current template layout. Thanks, Fuee
The admin files rely on other files. But no templates actually have to be overwritten as far as I am aware except admin panel templates. However, 3.20 is experimental and thus is likely to have bugs so you'd be sacrificing stability.
Comments on security
Forum Regular
Usergroup: Customer
Joined: Nov 01, 2004
Total Topics: 56
Total Comments: 121
How can I increase my admin security?
My File Upload Path under system configuration and Directory URL in the admin panel have been changed twice in the past two months and it is not by me. I have changed my admin file since the first time and now it happened again. I am not sure if someone hacked in to my account or if its a bug. Has anyone else experience this problem?
1) I use www.yoursite.com for directory url and the www was striped below to yoursite.com
Directory URL:
The location of your links directory. Exclude trailing '/'. Example: http://www.yoursite.com now became http://yoursite.com
2) My path is striped of the back slash and all the letters were not separated except a back slash at the end.
File Upload Path:
The full path (not URL) of your attachments directory. Include trailing / or \.
Best guess: it's probably /www/f/fd/yoursite.com/admin now became wwwffdyoursite.comadmin/
Thanks,
Fuee
developer
Usergroup: Administrator
Joined: Dec 20, 2001
Location: Diamond Springs, California
Total Topics: 61
Total Comments: 7868
The changing has nothing to with security. If somebody hacked you, they would find more things to do than simply remove slashes. It is a known issue that slashes occasionally vanish from the file path. I've not yet seen a pattern to indicate when/how this happens, except it seems kind of like it happens to me around when the server is rebooted.
3.20 allows specification of $uploadpath = '/www/...'; in config.php to prevent such issues, but 3.15 doesn't.
The www removal I have never seen or heard about.
Forum Regular
Usergroup: Customer
Joined: Nov 01, 2004
Total Topics: 56
Total Comments: 121
The changing has nothing to with security. If somebody hacked you, they would find more things to do than simply remove slashes. It is a known issue that slashes occasionally vanish from the file path. I've not yet seen a pattern to indicate when/how this happens, except it seems kind of like it happens to me around when the server is rebooted.
3.20 allows specification of $uploadpath = '/www/...'; in config.php to prevent such issues, but 3.15 doesn't.
The www removal I have never seen or heard about.
Paul,
Is it possible for me to just update only the admin files in the upgrade to 3.20 so i can correct this error and receive any additional benifits with the admin changes you have made? I rather not update to the new templates since I am sastified with my current template layout.
Thanks,
Fuee
developer
Usergroup: Administrator
Joined: Dec 20, 2001
Location: Diamond Springs, California
Total Topics: 61
Total Comments: 7868
The admin files rely on other files. But no templates actually have to be overwritten as far as I am aware except admin panel templates. However, 3.20 is experimental and thus is likely to have bugs so you'd be sacrificing stability.
developer
Usergroup: Administrator
Joined: Dec 20, 2001
Location: Diamond Springs, California
Total Topics: 61
Total Comments: 7868
Bad memory here on my part it seems. On check, the option is actually in 3.15 already. Just add these lines to your config.php (inside the php area):
$dirurl = 'http://yoururl.com';
$uploadpath = '/your/file/path/';