stevel Posted December 5, 2005 Author Share Posted December 5, 2005 This contribution does not use the database at all. So, any problem you have with the database is not related to this contribution. Quote Steve Contributions: Country-State Selector Login Page a la Amazon Protection of Configuration Updated spiders.txt Embed Links with SID in Description Link to comment Share on other sites More sharing options...
Zarus Posted December 22, 2005 Share Posted December 22, 2005 This is the official support topic for the contribution Protection of Configuration Please report any problems with this contribution here. I just want to thank you for this great addon, it was exactly what I needed to get this annoying warning away. Thank you very much! Quote Link to comment Share on other sites More sharing options...
stevel Posted December 23, 2005 Author Share Posted December 23, 2005 You're welcome. Quote Steve Contributions: Country-State Selector Login Page a la Amazon Protection of Configuration Updated spiders.txt Embed Links with SID in Description Link to comment Share on other sites More sharing options...
stevel Posted January 15, 2006 Author Share Posted January 15, 2006 I have updated the contribution to version 1.1 and I recommend that users on shared hosts install the update then use the tool to unprotect and reprotect their files. Quote Steve Contributions: Country-State Selector Login Page a la Amazon Protection of Configuration Updated spiders.txt Embed Links with SID in Description Link to comment Share on other sites More sharing options...
charnwood Posted January 16, 2006 Share Posted January 16, 2006 This is the official support topic for the contribution Protection of Configuration Please report any problems with this contribution here. Hi Steve, I have a problem - when i uploaded both the files, and after I changed the filenames.php, now i can't get into the filemanger at all! So haven't been able to change the second file tools.php. Any suggestions would be appreciated thanks jean Quote Link to comment Share on other sites More sharing options...
stevel Posted January 16, 2006 Author Share Posted January 16, 2006 I never use the osC file manager and actually remove it from the server of my stores as it is a security risk. At least, with the latest osC update, it no longer corrupts files. You'll have to use an FTP client or some other method of editing your files until you fixed whatever error you made - probably a syntax error in filenames.php. Quote Steve Contributions: Country-State Selector Login Page a la Amazon Protection of Configuration Updated spiders.txt Embed Links with SID in Description Link to comment Share on other sites More sharing options...
charnwood Posted January 16, 2006 Share Posted January 16, 2006 I never use the osC file manager and actually remove it from the server of my stores as it is a security risk. At least, with the latest osC update, it no longer corrupts files. You'll have to use an FTP client or some other method of editing your files until you fixed whatever error you made - probably a syntax error in filenames.php. Thanks Steve, i have fixed it i think. I have just put up oscommerce on my server - and its security that worries me, is there a place on the forum/contribution area that has a complete list of security issues and how to fix them? thanks jean Quote Link to comment Share on other sites More sharing options...
kdawg62 Posted January 31, 2006 Share Posted January 31, 2006 Steve, I to get the error No Right Permission Access Please contact your Webmaster to request more access or if you found any problem. I am logged in as top administrator, i have changed file permissions to 755.. 644...444 nothing seems to work. any ideas? I use creloaded 6.15 and cannot get the security error bar across the top of the home page off. Thanks Kyle Quote Link to comment Share on other sites More sharing options...
stevel Posted January 31, 2006 Author Share Posted January 31, 2006 Jean, sorry I didn't see your post earlier. The security issue of the File Manager is that if someone gets into your admin, they can see, edit or delete any file in your store. Obviously the osCommerce developers thought that was a good idea, but I don't. Kyle, I have no experience with creloaded. I would first check to make sure the protection is actually set on the server to what you think it is. Then find the code that gives the warning and see what it is testing for, Quote Steve Contributions: Country-State Selector Login Page a la Amazon Protection of Configuration Updated spiders.txt Embed Links with SID in Description Link to comment Share on other sites More sharing options...
bionicras Posted July 31, 2006 Share Posted July 31, 2006 The file permission is set to 644, I'm not able to set it differently - so I just need to have the check commented out. This warning message is quite annoying. And I wish I could get rid of it by commenting out in a php file. Does anyone know how to do this? :-" Thanks! BR Quote Link to comment Share on other sites More sharing options...
stevel Posted July 31, 2006 Author Share Posted July 31, 2006 There's a define towards the bottom of includes/application_top.php which controls this. Quote Steve Contributions: Country-State Selector Login Page a la Amazon Protection of Configuration Updated spiders.txt Embed Links with SID in Description Link to comment Share on other sites More sharing options...
animatco Posted August 29, 2006 Share Posted August 29, 2006 Good Day, in trying the contrib, I am getting the following error: Fatal error: Cannot redeclare tep_db_connect() (previously declared in /xxxx/htdocs/Catalog/admin/includes/functions/database.php:13) in /xxxx/htdocs/Catalog/admin/includes/functions/database.php on line 13 Any help would be appreciated.. Steve Quote Link to comment Share on other sites More sharing options...
stevel Posted August 29, 2006 Author Share Posted August 29, 2006 Somehow you are gatting database.php included twice. Sometimes this is caused by a blank line at the end of includes/languages/english.php, though this mod doesn't change that file. The call to database.php comes from application_top.php which is not edited by this contrib. I suggest you check your changes carefully. Quote Steve Contributions: Country-State Selector Login Page a la Amazon Protection of Configuration Updated spiders.txt Embed Links with SID in Description Link to comment Share on other sites More sharing options...
animatco Posted August 30, 2006 Share Posted August 30, 2006 Somehow you are gatting database.php included twice. Sometimes this is caused by a blank line at the end of includes/languages/english.php, though this mod doesn't change that file. The call to database.php comes from application_top.php which is not edited by this contrib. I suggest you check your changes carefully. Steve, I will look, but it doesn't make sense as you said. Steve Quote Link to comment Share on other sites More sharing options...
TheExterminator Posted May 1, 2007 Share Posted May 1, 2007 somebody now where i can changes the php so i can get this script to work ??? and what i should changes in php.ini or other files. ???? You were right! That did the trick. This is what my ISP said: Hello, We have made some modifications in the PHP configurations in the server to do 'chmod' through PHP script. Also, we have added the line #!/usr/local/bin/php at the beginning of the script /home/public_html/catalog/admin/protection.php So I guess that was it. BTW, do you think the "#!/usr/local/bin/php " makes any difference? I've never had to put that at the top of the page before and I'm running a lifetime of PHP stuff on this same server. Thanks again! cc "I love people who love PHP" Quote Link to comment Share on other sites More sharing options...
jfkafka Posted March 16, 2008 Share Posted March 16, 2008 Hi Steve, i'm looking for ways to secure my site or at least make it more challenging for any would be hackers and came upon your contrib. Granted, I'm not the brightest bulb on the shelf so please be patient with my confusion. If someone is able to get into the admin area which grants them the ability to edit/delete files, what prevents them from deleting the protection.php files and any other files? I mean, once they're in, don't they have the ability to wreak havoc irregardless of any secondary security precautions or is a comparision to an intruder inside a premises with the intent of vandalism incorrect? Your suggestion to move the admin folder out of the catalog seems more judicious so as to thwart (reduce the ease of) entry in the first place. Also if i remove filenames.php, doesn't that bypass 'define 'FILENAME_PROTECTION', 'protection.php');' ? i realize if someone is adamant on getting in and has the resources that there's always a risk, and i sincerely appreciate your measures to safeguard my site. i'm just conjuring up an image that while i'm locking up the cookie jar, i failed to shut the front door. Thanks for your patience and understanding. respectfully, jk Quote Link to comment Share on other sites More sharing options...
jfkafka Posted March 16, 2008 Share Posted March 16, 2008 whoops , forget that bit about filenames.php, i got it mixed up with file_manager.php jk Quote Link to comment Share on other sites More sharing options...
stevel Posted July 10, 2008 Author Share Posted July 10, 2008 Sorry for not seeing this earlier - my subscription to the topic seems to have expired. This contribution does not improve security of the store. All it does is make it easier to change the file protection status of the two configuration.php files as recommended by osCommerce instructions, making them not writeable. In particular, some combinations of FTP client and web host won't let you set a 444 protection on a file, so you have to do it either from a shell or from a script. It also shows you whether or not the two files are writeable. Quote Steve Contributions: Country-State Selector Login Page a la Amazon Protection of Configuration Updated spiders.txt Embed Links with SID in Description Link to comment Share on other sites More sharing options...
leveera Posted July 23, 2008 Share Posted July 23, 2008 Thanks for fine contribution! Note to latest 1.3 update. My both configure files are set to 400 and light red as not protected although they are. May be to extend a color logic? just my 2 cents. Quote Link to comment Share on other sites More sharing options...
stevel Posted July 23, 2008 Author Share Posted July 23, 2008 The contribution uses the same PHP is_writable function that osCommerce uses to warn you if the configuration file is writable. If Protection of Configuration says the file is writable, then it is. Quote Steve Contributions: Country-State Selector Login Page a la Amazon Protection of Configuration Updated spiders.txt Embed Links with SID in Description Link to comment Share on other sites More sharing options...
Gary-London Posted August 2, 2008 Share Posted August 2, 2008 Steve, Just a quick question. I have installed Protection of Configuration and have secured the two config files perfectly fine. Which was the main reason that I installed it as I am on a Windows shared hosting and cannot change the levels of security on the folders. However, I have just been looking at the other folders that I can change the security levels on and found that even if I select to secure them, and it confirms it at the top, nothing changes. I have attached a screen shot below for reference. Any advice would be helpful! Thanks!! :) Quote Gazza If its not broken...why try fixing it?? Link to comment Share on other sites More sharing options...
stevel Posted August 3, 2008 Author Share Posted August 3, 2008 I would guess that the "chmod" PHP function does not operate on directories on a Windows host. All the code is "confirming" is that chmod did not return an error. Quote Steve Contributions: Country-State Selector Login Page a la Amazon Protection of Configuration Updated spiders.txt Embed Links with SID in Description Link to comment Share on other sites More sharing options...
mendoh Posted November 13, 2008 Share Posted November 13, 2008 Hi, this is Mendoh with a problem using this contribution. I have installed version 1.1 correctly then successfully protected both "administration panel" and "catalog". After a while, today I tried to switch the whole to unprotected status and no matter the folder I always get a red error saying "Failed to change protection of Administration Panel" and "Failed to change protection of catalog"; if I tried to chmod 775 or 777 on server, I get nothing done and still wind up with 755 permission. Can anybody help me out to find what is wrong? Thanks a lot in advance Mendoh Quote Link to comment Share on other sites More sharing options...
♥jailaxmi Posted November 29, 2008 Share Posted November 29, 2008 Hi, this is Mendoh with a problem using this contribution. I have installed version 1.1 correctly then successfully protected both "administration panel" and "catalog". After a while, today I tried to switch the whole to unprotected status and no matter the folder I always get a red error saying "Failed to change protection of Administration Panel" and "Failed to change protection of catalog"; if I tried to chmod 775 or 777 on server, I get nothing done and still wind up with 755 permission. Can anybody help me out to find what is wrong? Thanks a lot in advance Mendoh Try installing the latest version. I had the same problem and switched. It makes it easy to see the permissions you need on certain important files. Yol Quote I repeat myself when under stress, I repeat myself when under stress, I repeat myself... --King Crimson (“Discipline”) Link to comment Share on other sites More sharing options...
♥jailaxmi Posted November 29, 2008 Share Posted November 29, 2008 Try installing the latest version. I had the same problem and switched. It makes it easy to see the permissions you need on certain important files. Yol Oh, just one thing. Shouldn't the images and backup folders be CHMOD to 0777? Otherwise I get an error message in the admin panel, as the backup file is not writable, and my store gets really slow, due to the images taking longer than usual. I keep those folders (and the graphs folder) at 0777. Yol Quote I repeat myself when under stress, I repeat myself when under stress, I repeat myself... --King Crimson (“Discipline”) Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.