Welcome to Geeklog, Anonymous Tuesday, November 26 2024 @ 09:08 am EST
Geeklog Forums
Check the security!
Status: offline
Zippo
Forum User
Chatty
Registered: 07/08/11
Posts: 53
1. "public_html" should never be part of your site's URL. Please read the part about public_html in the installation instructions again and change your setup accordingly before you proceed. (As far I know, the geeklog installation creates this folder?!?!?!?)
2. Your db-config.php is reachable from the web. This is a security risk and should be fixed!
3. Your logs directory is reachable from the web. This is a security risk and should be fixed!
Your plugins directory is reachable from the web. This is a security risk and should be fixed!
Your system directory is reachable from the web. This is a security risk and should be fixed!
Your backups directory is reachable from the web. This is a security risk and should be fixed!
Your data directory is reachable from the web. This is a security risk and should be fixed!
How do I get rid of these?
2. Your db-config.php is reachable from the web. This is a security risk and should be fixed!
3. Your logs directory is reachable from the web. This is a security risk and should be fixed!
Your plugins directory is reachable from the web. This is a security risk and should be fixed!
Your system directory is reachable from the web. This is a security risk and should be fixed!
Your backups directory is reachable from the web. This is a security risk and should be fixed!
Your data directory is reachable from the web. This is a security risk and should be fixed!
How do I get rid of these?
6
14
Quote
Status: offline
Dirk
Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
Quote by: Zippo
1. "public_html" should never be part of your site's URL. Please read the part about public_html in the installation instructions again and change your setup accordingly before you proceed. (As far I know, the geeklog installation creates this folder?!?!?!?)
No, the installer does not create this directory. "public_html" is an often-used name on webservers for the public web directory or document root. Other popular names are "htdocs" or "www".
As the installation instructions explain, the bits that are in public_html should go into your document root (whatever it is named on your server) - and only these files should be reachable from the web. The rest of the files should be placed somewhere outside of the document root so that they are not accessible from the web (i.e. you can not enter a URL into your browser to call up such a file). That's for security reasons.
If you can't install Geeklog like that, see Installing Geeklog entirely within the web root
bye, Dirk
10
12
Quote
Status: offline
Zippo
Forum User
Chatty
Registered: 07/08/11
Posts: 53
For the next version: PLEASE change the install script & documentation.
Because this time I followed the instructions precisely!
I only copied the files which should be copied there.
Maybe it is because I use an add-on domain?
What you are saying is:
That I have to re-install Geeklog for the third time ?
And what about the other numbers????
Better know this before I re-install...
Because this time I followed the instructions precisely!
I only copied the files which should be copied there.
Maybe it is because I use an add-on domain?
What you are saying is:
That I have to re-install Geeklog for the third time ?
And what about the other numbers????
Better know this before I re-install...
28
9
Quote
Status: offline
Dirk
Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
What would you suggest we change in the installation instructions? All this is explained there. If it's not clear, please tell us what you found confusing. Thanks.
The other items from your original post are just a result of that basic mistake of putting files and directories where they shouldn't be.
bye, Dirk
The other items from your original post are just a result of that basic mistake of putting files and directories where they shouldn't be.
bye, Dirk
23
28
Quote
Status: offline
Zippo
Forum User
Chatty
Registered: 07/08/11
Posts: 53
4. Place the contents of geeklog-1.8.0/public_html/ into your web root directory on your web server. The web root directory is often named "public_html", "htdocs", or "www".
This is EXACTLY what I have done and which is a security riskaccording you and GeekLog
So: Who's right? The installation text Or the security check?
Please fix one of them!
24
11
Quote
Status: offline
Zippo
Forum User
Chatty
Registered: 07/08/11
Posts: 53
Quote by: Dirk
The other items from your original post are just a result of that basic mistake of putting files and directories where they shouldn't be.
bye, Dirk
: Ehhh...
A. Where should I put them?? Closer to my webroot I cannot put them.
B. I do not see any public_html here.....
2. is in:
http://kom.ninanauk.net/db-config.php
3. is in:
http://kom.ninanauk.net/logs
http://kom.ninanauk.net/plugins
http://kom.ninanauk.net/system
http://kom.ninanauk.net/backups
http://kom.ninanauk.net/data
P.S.: http://kom.ninanauk.net is a redirection of http://www.ninanauk.net/kom
kom
9
17
Quote
Status: offline
Dirk
Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
So what's the name of the document root on your webserver? The idea is that whatever that directory's name is, you should place the contents of Geeklog's public_html into it.
Creating a public_html directory is - in most cases - the wrong thing to do (unless you can change the document root in your server setup such that it points to public_html).
Does that help?
bye, Dirk
Creating a public_html directory is - in most cases - the wrong thing to do (unless you can change the document root in your server setup such that it points to public_html).
Does that help?
bye, Dirk
10
11
Quote
Status: offline
Dirk
Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
Quote by: Zippo
A. Where should I put them?? Closer to my webroot I cannot put them.
B. I do not see any public_html here.....
2. is in:
http://kom.ninanauk.net/db-config.php
Sounds like you should follow the advice from the FAQ article I mentioned above then and put all the "other stuff" (everything that's not in public_html) in a password-protected directory: Installing Geeklog entirely within the web root.
bye, Dirk
12
12
Quote
Status: offline
Zippo
Forum User
Chatty
Registered: 07/08/11
Posts: 53
I try to place a sitemap in here... but it keeps me telling that I am spamming... but not telling me what I am really doing wrong or what to change.
I seem to keep bumping in issues which fail to explain what I am doing wrong.
(I tried to put the sitemap in code but that does not work either)
My cpanel tells me he protected the folder, but I do not see a .htaccess and .htpassword file, so that seems not to work either
I seem to keep bumping in issues which fail to explain what I am doing wrong.
(I tried to put the sitemap in code but that does not work either)
My cpanel tells me he protected the folder, but I do not see a .htaccess and .htpassword file, so that seems not to work either
11
8
Quote
Status: offline
::Ben
Forum User
Full Member
Registered: 01/14/05
Posts: 1569
Location:la rochelle, France
I pointed the addon domain, directly to the public_html. That resolves a lot a safety issues....
but sensitive files are still accessible from the web...
Your web root is where your stored your index.htm page (with the cat picture).
What is his directory name?
Ben
I'm available to customise your themes or plugins for your Geeklog CMS
9
13
Quote
Status: offline
Zippo
Forum User
Chatty
Registered: 07/08/11
Posts: 53
Nice try! But no!
http://www.ninanauk.net = The standard website of our cattery! (Let us say that it is my sponsor ) Is the one you were.
http://kom.ninanauk.net/public_html = where the GeekLog index.php is located BUT
http://kom.ninanauk.net is now rerouted to -> http://kom.ninanauk.net/public_html
http://www.ninanauk.net = The standard website of our cattery! (Let us say that it is my sponsor ) Is the one you were.
http://kom.ninanauk.net/public_html = where the GeekLog index.php is located BUT
http://kom.ninanauk.net is now rerouted to -> http://kom.ninanauk.net/public_html
11
11
Quote
All times are EST. The time is now 09:08 am.
- Normal Topic
- Sticky Topic
- Locked Topic
- New Post
- Sticky Topic W/ New Post
- Locked Topic W/ New Post
- View Anonymous Posts
- Able to post
- Filtered HTML Allowed
- Censored Content