Jump to content

Archived

This topic is now archived and is closed to further replies.

srobonsai

Store web page hacked and can't find which file to fix

Recommended Posts

The following warning is displaying at the top of the main store page.

 

Warning: I am able to write to the configuration file: /home/paulpike/public_html/store/includes/configure.php. This is a potential security risk - please set the right user permissions on this file.

 

Pretty sure it happened after I used Microsoft Expression Web 4 to ftp the site to local drive for first time to fix a site issue with USPS.

 

Also by doing so, it added _VTI_Conf to every folder on the site causing confusing text to appear on main page. Got that fixed but need help with the warning shown. I've changed the permissions on the configure.php file and will read up on security. I've acquired the site and just don't know enough about MS Expression or PHP yet.

 

I've spent many hours trying to find it and I'm sure with help I could get it resolved more quickly.

 

Pretty new at posting here so please forgive if it's not quite right.

 

Thanks so much.

Share this post


Link to post
Share on other sites

@@srobonsai

 

Change the permissions of the TWO configure.php files to 444.

 

Also, use Filezilla or another similar FTP client to upload your files, NOT MS Expression.

 

 

Chris


:|: Was this post helpful ? Click the LIKE THIS button :|:

 

See my Profile to learn more about add ons, templates, support plans and custom coding (click here)

Share this post


Link to post
Share on other sites

Sandy

 

As with most problems you encounter when using osc, goole has the answer, a search using this prefix

 

site:forums.oscommerce.com

 

e.g.

 

site:forums.oscommerce.com Warning: I am able to write to the configuration file

 

will generally provide the answer.

 

Check your host's knowledgebase on changing file permissions.

 

Most MS products add stuff somehow to something, in this case it is extra files, some of their editors add extra html, best to steer clear of them untill you know how they will mess thing up.

 

HTH

 

G


Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile

 

Virus Threat Scanner

My Contributions

Basic install answers.

Click here for Contributions / Add Ons.

UK your site.

Site Move.

Basic design info.

 

For links mentioned in old answers that are no longer here follow this link Useful Threads.

 

If this post was useful, click the Like This button over there ======>>>>>.

Share this post


Link to post
Share on other sites

×