Jump to content
Latest News: (loading..)
videosilva

Additional Protection With htaccess/htpasswd secured through htaccess/htpasswd means.

Recommended Posts

Additional Protection With htaccess/htpasswd

This osCommerce Online Merchant Administration Tool installation is not additionally secured through htaccess/htpasswd means.

The following files need to be writable by the web server to enable the htaccess/htpasswd security layer:


/.htaccess

 

/.htpasswd_oscommerce

 

Reload this page to confirm if the correct file permissions have been set.

 

Any help would be greatly appreciated.

Share this post


Link to post
Share on other sites

You'll need to actually ask a question to get help.

But, before you do, I don't suggest using that option. Instead, use the password protect option in your control panel, if it exists. The reason is because the above method will use the same login as the other one for admin. By using the control panel login, you can change the username and password to something else, making it more secure.

Share this post


Link to post
Share on other sites

Was that not a question ?

 

  Ok, to make it basic 

 

How do I make

/.htaccess

/.htpasswd_oscommerce

to be writable by the web server to enable the htaccess/htpasswd security layer.

 

 Every website that I ever gone to were someone has THOUSANDS of posts it is ALWAYS the same problem. It is IMPOSSIBLE to accumulate that many posts anywhere no matter how committed you are with ANY EDUCATED INFORMATION !

 Now that I look that again. Someone with 28,000 posts would have seen message stated above posted hundreds of times and AUTOMATICALLY had an answer.

 Example:

 

1. I have found the answer to the message displayed in the control Panel.
2. Now that I know the answer I can now relay to others.

OR

Waste of time comments and I could have 28,000 posts ( WILL NEVER HAPPEN IN MY LIFETIME ANYWHERE ). How is a person able to accumulate 28,000 posts ??????????

 

 

 

 

Edited by videosilva

Share this post


Link to post
Share on other sites
21 minutes ago, videosilva said:

 Before you post MORE questions then answers I will try to anticipate your next QUESTIONS.

1. Is it sunny outdoors
2. It is not sunny indoors.
3. Why ?
4. Because the curtains are closed

1.It is cold outside.
2 It is not cold inside the house.
3. Why ?
4. Because we have a heater.

Now that we have that down. What is your NEXT question ?  For future reference do NOT ever answer a question with another question resulting in 28,000.

 

 

 

 

 

 

Edited by videosilva

Share this post


Link to post
Share on other sites

@videosilva

IF your question is, "How do I set the file permissions for these files to be writable by the Web Server?", then you should be able to set the permission through the cPanel on your host. Otherwise, some FTP clients (such as FileZilla) allow you to change file permissions. If you do not have access to the host (either through cPanel or a FTP client), then you will have to ask someone (your client or their host) for access, or for them to change the permissions for you.

If that is NOT your question, please ask it again ...


If you are running the "official" osC 2.3.4 or 2.3.4.1 download, your installation is obsolete! Get the latest community-supported responsive "Frozen" release here

Share this post


Link to post
Share on other sites

Let's not get snippy. As Jack said, you're much better off using your hosting control panel's "password protect a directory" function, rather than trying to set it up using osC files. The only downside is that the osC security center may not recognize that you've done this, and report that your admin is unprotected. If you have to type in an ID and password to get into your admin, it is working.

I wish that TPTB would simply remove the osC files and instructions for directory protection, and instead advise people to use their hosting control panel's function. If such a thing is not offered on your system, almost certainly what osC supplies will not work!


If you are running the "official" osC 2.3.4 or 2.3.4.1 download, your installation is obsolete! Get (stable) Frozenpatches or (unstable) Edge. See also the naming convention and the latest community-supported responsive "Edge" release

Share this post


Link to post
Share on other sites

MrPhill it gets very tiresome always the same thing. A question answered with another question. Common sense has to kick in.

 Thank you MrPhil and Artcolnc  for the reply Never thought of using cPanel. I have always set permissions via FTP.

 What should the permissions be set to  ? 777 etc. ?

 

 

Edited by videosilva

Share this post


Link to post
Share on other sites

videosilva Sorry you weren't happy with my answer. But as you see by Malcolm's post, your question was not clear. I've spent time with other posts like this answering what I thought was the question only to have the op reply that that was not what he wanted. I don't think it is unreasonable to ask you to state the question more clearly. But attacking me, anyone, personally for trying to help you will earn you a bad reputation here. I'll try to remember not to reply to any questions you may have in the future so as not to upset you but if you respond that way to others, you may not find the help you need.

Share this post


Link to post
Share on other sites

Avoid 777 permissions if at all possible. They are "world writable", and enable anyone sharing your server to overwrite your files (i.e., it's very insecure). Always grant the least permissions to do the job. This is usually 755 for directories and 644 for files, although this can vary by server setup. Usually it depends on what kind of user that PHP is running as, and whether PHP needs to write, edit, or create files. If it is running as "you", 755/644 will usually do. If it is running in your "group", files and directories that need to be written to may need to be 775/664. If it is running as "other/world" (ordinary user), you might need 777/666 for specific directories or files. Experiment (starting with the lowest permission numbers), or talk with your host support.

Beware of stupid people who tell you first thing off the bat to "chmod everything to 777". They don't know what they're talking about. At best, they're just repeating something that they learned at their daddy's knee, and don't understand what they're saying.


If you are running the "official" osC 2.3.4 or 2.3.4.1 download, your installation is obsolete! Get (stable) Frozenpatches or (unstable) Edge. See also the naming convention and the latest community-supported responsive "Edge" release

Share this post


Link to post
Share on other sites
55 minutes ago, Jack_mcs said:

videosilva Sorry you weren't happy with my answer. But as you see by Malcolm's post, your question was not clear. I've spent time with other posts like this answering what I thought was the question only to have the op reply that that was not what he wanted. I don't think it is unreasonable to ask you to state the question more clearly. But attacking me, anyone, personally for trying to help you will earn you a bad reputation here. I'll try to remember not to reply to any questions you may have in the future so as not to upset you but if you respond that way to others, you may not find the help you need.

 

 CONGRATULATIONS !!!!  Post 28,752

Share this post


Link to post
Share on other sites
33 minutes ago, MrPhil said:

Avoid 777 permissions if at all possible. They are "world writable", and enable anyone sharing your server to overwrite your files (i.e., it's very insecure). Always grant the least permissions to do the job. This is usually 755 for directories and 644 for files, although this can vary by server setup. Usually it depends on what kind of user that PHP is running as, and whether PHP needs to write, edit, or create files. If it is running as "you", 755/644 will usually do. If it is running in your "group", files and directories that need to be written to may need to be 775/664. If it is running as "other/world" (ordinary user), you might need 777/666 for specific directories or files. Experiment (starting with the lowest permission numbers), or talk with your host support.

Beware of stupid people who tell you first thing off the bat to "chmod everything to 777". They don't know what they're talking about. At best, they're just repeating something that they learned at their daddy's knee, and don't understand what they're saying.

 

 Oh, that just made my head spin.

Share this post


Link to post
Share on other sites

Ok, just tried the different combinations but STILL getting the message

Additional Protection With htaccess/htpasswd

This osCommerce Online Merchant Administration Tool installation is not additionally secured through htaccess/htpasswd means.

The following files need to be writable by the web server to enable the htaccess/htpasswd security layer:

  • /home/******/public_html/dvd/admen/.htaccess
  • /home/*****/public_html/dvd/admen/.htpasswd_oscommerce

Reload this page to confirm if the correct file permissions have been set.

 On another note  I am unable to find /home/*****/public_html/dvd/admen/.htpasswd_oscommerce

 

I changed the valus for /home/******/public_html/dvd/admen/.htaccess with the ones posted above but I keep getting the same message.

 

Edited by videosilva

Share this post


Link to post
Share on other sites

Ahhhhhhhhhhhhhhhhhhhhhhhhhhhh.....................

 I was just in the cPanel for the website. There are NO

  • /home/******/public_html/dvd/admen/.htaccess
  • /home/*****/public_html/dvd/admen/.htpasswd_oscommerce

That I could see.

I was only able to find /home/******/public_html/dvd/admen/.htaccess via FTP.

/home/*****/public_html/dvd/admen/.htpasswd_oscommerce Does not show up via FTP.

 Hope that makes sense.

Edited by videosilva

Share this post


Link to post
Share on other sites

Paul given your replies to those who were trying to help you I'm not surprised that you are not getting any further help.   Remember that those who were replying to your posts are volunteers giving freely of their time and knowledge, just trying to help out.  They should be treated with gratitude and respect. 

At this point you might want to try to make a fresh start.  It's probably not to late.

Dan

Share this post


Link to post
Share on other sites

Attempting to explain this in simple terms. Do this and you can safely ignore the warning message in your original post.

In your cPanel look for Directory Privacy in the Files section.

image.jpeg.5a9049c470000a173806d9209d755c8d.jpeg

It may be called "Password protect directories" Click on it and a list of the directories on the server will appear. Click on your admin directory (which incidentally should have been renamed) and then tick the "Password protect this directory" box, create a user name which can be the same as your OSC login name and a different strong password to your OSC admin one The Enter a name etc box is the text that is displayed to anybody attempting to log in. Humorously I have "What are you doing here? Your Cpanel may look different to mine but the principal is the same for all variations.

image.jpeg.ea06571cf76b3e3b5a7df5b0c290421a.jpeg


OsC 2.3.4.1 CE Frozen   PHP 7.2   MySQL 10.1.36-MariaDB-cll-lve

Share this post


Link to post
Share on other sites
8 hours ago, videosilva said:

 CONGRATULATIONS !!!!  Post 28,752

Let's be a little bit more professional @videosilva - take this as a friendly warning...

Remember that every post you make...is public info and it is very easy to track back and find your shop.
Displaying a poor attitude here can make potential customers look elsewhere.

A number of shopowners, myself included, know this...to their cost.


This is a signature that appears on all my posts.  
IF YOU MAKE A POST REQUESTING HELP...please state the exact version
of osCommerce that you are using. THANKS

 
Get the latest current code (community-supported responsive 2.3.4.1BS Edge) here

 

Share this post


Link to post
Share on other sites
10 hours ago, videosilva said:

 Oh, that just made my head spin.

It can be complicated, but it's stuff you need to know to successfully run a site. Usually it's the minimum settings of 755/644, unless PHP needs to write to certain files, in which case you may need to loosen up (higher number) permissions.

Don't bother with fooling with the supplied osC files to password protect your admin. Try using your hosting system's built-in function to protect admin. It's much easier to use and is much more likely to do the job properly. If you can't find it, ask your host tech support. No good host fails to offer this.


If you are running the "official" osC 2.3.4 or 2.3.4.1 download, your installation is obsolete! Get (stable) Frozenpatches or (unstable) Edge. See also the naming convention and the latest community-supported responsive "Edge" release

Share this post


Link to post
Share on other sites
6 hours ago, burt said:

Let's be a little bit more professional @videosilva - take this as a friendly warning...

Remember that every post you make...is public info and it is very easy to track back and find your shop.
Displaying a poor attitude here can make potential customers look elsewhere.

A number of shopowners, myself included, know this...to their cost.

12,000 posts. How did you help this post EXACTLY ?

 

 

Edited by videosilva

Share this post


Link to post
Share on other sites
8 hours ago, mhsuffolk said:

Attempting to explain this in simple terms. Do this and you can safely ignore the warning message in your original post.

In your cPanel look for Directory Privacy in the Files section.

image.jpeg.5a9049c470000a173806d9209d755c8d.jpeg

It may be called "Password protect directories" Click on it and a list of the directories on the server will appear. Click on your admin directory (which incidentally should have been renamed) and then tick the "Password protect this directory" box, create a user name which can be the same as your OSC login name and a different strong password to your OSC admin one The Enter a name etc box is the text that is displayed to anybody attempting to log in. Humorously I have "What are you doing here? Your Cpanel may look different to mine but the principal is the same for all variations.

image.jpeg.ea06571cf76b3e3b5a7df5b0c290421a.jpeg

Got it. Thank you for your time and KNOWLEDGE ! Less then 200 posts IMAGINE that.

Share this post


Link to post
Share on other sites

You're kind of being a smartass.  And not the good kind. 

Edited by John W

I'm not really a dog.

Share this post


Link to post
Share on other sites

28000+ posts and maybe a few hundred bad ones.
12000+ posts and maybe a few hundred bad ones.

You -> 14 posts -> more than half are bad.

Well done sir you just set a new record. :thumbsup:
Keep it up and you won't get past 20.

Edited by Tsimi

Share this post


Link to post
Share on other sites

Hello gentlemen, I am experiencing the same message and I have no clue what the "htaccess/htpasswd security layer” is or how to enable it. I read the post about securing the admin folder and I tried that but it creates ANOTHER login layer that I'd rather not have to repeatedly use... What is this security layer, and how do I enable it? 

 

Share this post


Link to post
Share on other sites

IMO securing the admin folder is more secure than the htaccess/htpasswd security layer method. The fact that you have to log in twice is a small price to pay.


OsC 2.3.4.1 CE Frozen   PHP 7.2   MySQL 10.1.36-MariaDB-cll-lve

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×