Jump to content


Corporate Sponsors


Latest News: (loading..)

- - - - -

Installation security warning

Started by minnoe, Mar 16 2010, 14:52

5 replies to this topic

#1 minnoe

  • Community Member
  • 2 posts
  • Real Name:Julia Chapman

Posted 16 March 2010, 14:52

Hello people, nice to meet you all!

I've just installed osCommerce and I'm now looking at the default 'shop' window, but there is a thing above it that says the following.....

Warning: Installation directory exists at: /customers/pyewacketscorner.co.uk/pyewacketscorner.co.uk/httpd.www/install. Please remove this directory for security reasons.
Warning: I am able to write to the configuration file: /customers/pyewacketscorner.co.uk/pyewacketscorner.co.uk/httpd.www/includes/configure.php. This is a potential security risk - please set the right user permissions on this file.

I'm very new to this, and it sounded easy (little effort & no cost was the phrase i remember :P , well there's been no cost but my brain definitely hurts....) can anyone tell me how i correct these errors please? My host is One.com.

Thankyou, and I'll make a cup of tea for the first person who answers.... :blink:

#2 mdtaylorlrim

  • Community Member
  • 2,497 posts
  • Real Name:Mark
  • Gender:Male

Posted 16 March 2010, 14:55

View Postminnoe, on 16 March 2010, 14:52, said:

Hello people, nice to meet you all!

I've just installed osCommerce and I'm now looking at the default 'shop' window, but there is a thing above it that says the following.....

Warning: Installation directory exists at: /customers/pyewacketscorner.co.uk/pyewacketscorner.co.uk/httpd.www/install. Please remove this directory for security reasons.
Warning: I am able to write to the configuration file: /customers/pyewacketscorner.co.uk/pyewacketscorner.co.uk/httpd.www/includes/configure.php. This is a potential security risk - please set the right user permissions on this file.

I'm very new to this, and it sounded easy (little effort & no cost was the phrase i remember :P , well there's been no cost but my brain definitely hurts....) can anyone tell me how i correct these errors please? My host is One.com.

Thankyou, and I'll make a cup of tea for the first person who answers.... :blink:
First of all, delete the install.php file. If you don't, a Google Bot will come along and run it again for you.

Then, using your hosting company cPanel, use the file manager and change the permissions of the two configure.php files to 444.
Avoid the most asked question. See How to Secure My Site and How do I...?

#3 DunWeb

  • Community Sponsor
  • 10,461 posts
  • Real Name:Chris Dunn
  • Gender:Male
  • Location:Tecumseh, Ontario, Canada N8N 1X8

Posted 16 March 2010, 14:58

Julia,

Using your FTP or cpanel file manager. Rename or remove the install directory. You won't need it again unless something 'bad' happens. Them, go to /includes/configure.php and you will see numbers to the right of the file name. select the file and click change permissions, change those numbers to 444



Chris

lemon in my tea please ;)
:|: Was this post helpful ? Click the LIKE THIS button :|:

:|: Click Here to learn how I can help you with custom coding, add ons, security and templates :|:

:|: Need an Area Calculator, Pre-Paid Account, Virtual Pin, Auction or Layaway Add on ? Click Here :|:

#4 minnoe

  • Community Member
  • 2 posts
  • Real Name:Julia Chapman

Posted 16 March 2010, 15:19

Thanks guys for your speedy responses! Difficult to post a cup of tea on an open forum but
I'm drinking it on your behalf.... :D
thanks again :)

#5 brata

  • Community Member
  • 11 posts
  • Real Name:Brata

Posted 22 May 2010, 19:01

View PostDunWeb, on 16 March 2010, 14:58, said:

Julia,

Using your FTP or cpanel file manager. Rename or remove the install directory. You won't need it again unless something 'bad' happens. Them, go to /includes/configure.php and you will see numbers to the right of the file name. select the file and click change permissions, change those numbers to 444



Chris

lemon in my tea please ;)

#6 brata

  • Community Member
  • 11 posts
  • Real Name:Brata

Posted 22 May 2010, 19:09

I have the same warning as Julia had, to which a solution was given and apparently worked for her. The "cure" for her was to do the following:

"Using your FTP or cpanel file manager. Rename or remove the install directory. You won't need it again unless something 'bad' happens. Them, go to /includes/configure.php and you will see numbers to the right of the file name. select the file and click change permissions, change those numbers to 444"

My problem is this:When I go to /includes/configure.php using my FTP, I don't see numbers to the right of the file name. I don't know what file name you are talking about. I don't see numbers at all anywhere in /includes/configure.php.

Just to be clear: my issue is this: On my online store, out of the blue, the following warning came on:

"Warning: I am able to write to the configuration file: .../catalog/includes/configure.php. This is a potential security risk - please set the right user permissions on this file."

I put ... instead of the actual website info just in case it is actually not safe.

Please consider me illiterate when it comes to this - so PLEEEZE spell it out step by step where to go and what button to push. Thanks.
Back to Installation and Configuration · Next Unread Topic →


  1. osCommerce Support Forum
  2. osCommerce Online Merchant v2.x
  3. Installation and Configuration
  4. Forum Rules