Webmastersite.net
Register Log In

security

Comments on security

fuee
Forum Regular

Usergroup: Customer
Joined: Nov 01, 2004

Total Topics: 56
Total Comments: 121
fuee
Posted May 24, 2005 - 11:56 PM:

How can I increase my admin security?

My File Upload Path under system configuration and Directory URL in the admin panel have been changed twice in the past two months and it is not by me. I have changed my admin file since the first time and now it happened again. I am not sure if someone hacked in to my account or if its a bug. Has anyone else experience this problem?

1) I use www.yoursite.com for directory url and the www was striped below to yoursite.com

Directory URL:
The location of your links directory. Exclude trailing '/'. Example: http://www.yoursite.com now became http://yoursite.com

2) My path is striped of the back slash and all the letters were not separated except a back slash at the end.

File Upload Path:
The full path (not URL) of your attachments directory. Include trailing / or \.
Best guess: it's probably /www/f/fd/yoursite.com/admin now became wwwffdyoursite.comadmin/



Thanks,
Fuee
Paul
developer

Usergroup: Administrator
Joined: Dec 20, 2001
Location: Diamond Springs, California

Total Topics: 61
Total Comments: 7868
Paul
Posted May 25, 2005 - 3:28 PM:

The changing has nothing to with security. If somebody hacked you, they would find more things to do than simply remove slashes. It is a known issue that slashes occasionally vanish from the file path. I've not yet seen a pattern to indicate when/how this happens, except it seems kind of like it happens to me around when the server is rebooted.

3.20 allows specification of $uploadpath = '/www/...'; in config.php to prevent such issues, but 3.15 doesn't.

The www removal I have never seen or heard about.
fuee
Forum Regular

Usergroup: Customer
Joined: Nov 01, 2004

Total Topics: 56
Total Comments: 121
fuee
Posted May 26, 2005 - 11:49 PM:

Paul wrote:
The changing has nothing to with security. If somebody hacked you, they would find more things to do than simply remove slashes. It is a known issue that slashes occasionally vanish from the file path. I've not yet seen a pattern to indicate when/how this happens, except it seems kind of like it happens to me around when the server is rebooted.

3.20 allows specification of $uploadpath = '/www/...'; in config.php to prevent such issues, but 3.15 doesn't.

The www removal I have never seen or heard about.


Paul,
Is it possible for me to just update only the admin files in the upgrade to 3.20 so i can correct this error and receive any additional benifits with the admin changes you have made? I rather not update to the new templates since I am sastified with my current template layout.
Thanks,
Fuee
Paul
developer

Usergroup: Administrator
Joined: Dec 20, 2001
Location: Diamond Springs, California

Total Topics: 61
Total Comments: 7868
Paul
Posted May 27, 2005 - 12:42 AM:

The admin files rely on other files. But no templates actually have to be overwritten as far as I am aware except admin panel templates. However, 3.20 is experimental and thus is likely to have bugs so you'd be sacrificing stability.
Paul
developer

Usergroup: Administrator
Joined: Dec 20, 2001
Location: Diamond Springs, California

Total Topics: 61
Total Comments: 7868
Paul
Posted May 28, 2005 - 8:13 PM:

Bad memory here on my part it seems. On check, the option is actually in 3.15 already. Just add these lines to your config.php (inside the php area):

$dirurl = 'http://yoururl.com';
$uploadpath = '/your/file/path/';
Search thread for
Download thread as
  • 0/5
  • 1
  • 2
  • 3
  • 4
  • 5



This thread is closed, so you cannot post a reply.