Douglas-John Ramm Posted January 17, 2012

Additional Protection With htaccess/htpasswd

This osCommerce Online Merchant Administration Tool installation is not additionally secured through htaccess/htpasswd means.

The following files need to be writable by the web server to enable the htaccess/htpasswd security layer:

/home/dcsstor1/public_html/shop/admin/.htaccess
/home/dcsstor1/public_html/shop/admin/.htpasswd_oscommerce

Reload this page to confirm if the correct file permissions have been set

This is in red on my Administration page in the backend. Anybody know how I can fix this?

Doug

Taipo Posted January 17, 2012

It sounds like those files are not writable by the webserver. If you are using a file manager of some form, then find the method used in that manager to change the permissions of the files to writable; usually a file permission of 666 works.

If you are using an FTP client, then follow the instructions of that particular client to adjust the file permissions to the point the server is able to write to the files, i.e. the error disappears. Again, this will probably be a setting of 666.

Douglas-John Ramm Posted January 18, 2012

I tried that and 444 and other combinations but no luck; the message is still there. Are there any other files that might need looking at to see if changes have been made?

Doug

MrPhil Posted January 18, 2012

Did you verify that the permissions actually changed? It's common for servers to silently ignore chmod requests by FTP browsers, so you end up not changing permissions. If so, use your hosting control panel to change permissions. Also confirm that you are the owner of the file, and not some other account.

After that, possibly you're missing the correct file(s) -- did you ever change your "admin" to a different name? Are you installed under a different path?

After that, permissions vary on what's needed for osC (via PHP) to write to a given file. 644 may work, 444 definitely will not. Go systematically, not at random. If osC can't write with 644, try 664. Only as a last resort try 666, and restore to 644 when you're done with the operation (666 is a security hazard, as is 777).

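Added example, not part of any post in this thread: a shell version of the systematic check described in the post above, confirming the mode on disk after a chmod and choosing the lowest step of the 644, 664, 666 ladder from the file's owner and group. The function names and the web-server account passed as WEB_USER are assumptions, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU stat, as on Linux hosting.
# Usage: sh check_perms.sh ADMIN_DIR WEB_USER   (both arguments are assumptions)

# verify_mode FILE EXPECTED
# Succeeds only if the mode on disk equals EXPECTED. This catches a chmod
# sent through an FTP client that the server silently ignored.
verify_mode() {
    [ "$(stat -c '%a' "$1")" = "$2" ]
}

# mode_needed OWNER GROUP WEB_USER "WEB_USER_GROUPS"
# Prints the lowest mode that lets WEB_USER write to a file with that
# owner and group: owner match 644, group match 664, otherwise 666.
mode_needed() {
    if [ "$1" = "$3" ]; then echo 644; return; fi
    for g in $4; do
        if [ "$g" = "$2" ]; then echo 664; return; fi
    done
    echo 666   # world-writable: temporary only, restore 644 afterwards
}

# check_file FILE WEB_USER
# Reports owner, group, current mode and the mode needed for WEB_USER.
check_file() {
    if [ ! -e "$1" ]; then
        echo "$1: missing (renamed admin directory or different path?)"
        return 1
    fi
    owner=$(stat -c '%U' "$1")
    group=$(stat -c '%G' "$1")
    mode=$(stat -c '%a' "$1")
    web_groups=$(id -Gn "$2" 2>/dev/null)
    need=$(mode_needed "$owner" "$group" "$2" "$web_groups")
    echo "$1: owner=$owner group=$group mode=$mode needed=$need"
}

# Check the two files named in the admin warning when run with arguments.
if [ "$#" -eq 2 ]; then
    for f in "$1/.htaccess" "$1/.htpasswd_oscommerce"; do
        check_file "$f" "$2"
    done
fi
```

If `needed` comes out as 666, that matches the last-resort case in the post: set it only for the operation, then run `verify_mode FILE 644` after restoring.
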
Douglas-John Ramm Posted January 19, 2012

> Did you verify that the permissions actually changed? It's common for servers to silently ignore chmod requests by FTP browsers, so you end up not changing permissions. If so, use your hosting control panel to change permissions. Also confirm that you are the owner of the file, and not some other account.
>
> After that, possibly you're missing the correct file(s) -- did you ever change your "admin" to a different name? Are you installed under a different path?
>
> After that, permissions vary on what's needed for osC (via PHP) to write to a given file. 644 may work, 444 definitely will not. Go systematically, not at random. If osC can't write with 644, try 664. Only as a last resort try 666, and restore to 644 when you're done with the operation (666 is a security hazard, as is 777).

I did verify the changes and I asked my hosting company. I own the file, or at least that's how I see it. I didn't change the file name or path. I have tried all combinations of permissions and still no luck.

Doug

Archived
This topic is now archived and is closed to further replies.