2 replies to this topic

[henry67]

Hello,

I have had this warning on the front page of my website now for 6 days.





Warning: I am able to write to the configuration file: /home/dogsup5/public_html/shop/includes/configure.php. This is a potential security risk - please set the right user permissions on this file.



I have informed the programmer/developer but have not received an answer regarding this.

My question: not sure how much longer this will take to get fixed, how much should I worry about it? Besides the fact that my site has not had a sale since this mess started (10 days ago), what other damage can someone do to my site?

Thanks

[FIMBLE]

All you need do is change the file permissions of two files

catalog / includes / configure.php
catalog / admin / includes / configure.php
if you do not have catalog then ignore that part
you need to set the permissions to 444
Nic

[MrPhil]

Once you've corrected the two files to make them "read only", you need to figure out what happened to your site that they became writable in the first place. Presumably they were "read only" until 6 days ago. Has anyone done work on your system around that time, and perhaps forgot to reprotect these files? They shouldn't just change permissions by themselves. Did your host do a file restore at that time? Any evidence that you've been hacked?

Once that frightening warning is off your pages, perhaps your customers will start buying again. It's not unheard of for customers to be scared away by this warning.

Edited by MrPhil, 27 November 2011 - 06:53 PM.