Welcome to Geeklog Saturday, November 27 2021 @ 04:36 am EST

Geeklog Forums

Security Test


Status: offline

phpsocialclub

Forum User
Junior
Registered: 05/03/03
Posts: 30
Location:North Carolina
I have just finished upgrade five sites to 1.4.1 and I love all the improvements.

I can not however get the security warning to go away on any of them.

On one site the sectest.php results in

Results of the Security Check

1. Good! You seem to have removed the install directory already.
2. Success
3. Success
4. Success
5. Success
6. Success
7. Success
8. Good! You seem to have changed the default account password already.

Please fix the above issues before using your site!



On another

1. Good! You seem to have removed the install directory already.
2. You still have not changed the default password from "password" on 3 account(s).

Please fix the above issues before using your site!


On the first site, I just want the message to go away,
One the second, I have no way of finding out which user has the default password, we have almost 10,000 users, but I do know none of the admins have it.

I see that I can go into the DB and make the change to the gl_vars table sectest row, but I was wondering if I am missing something, or if this could be a little clearer,

I work for a Wilmington NC Attorney
 Quote

Status: offline

Dirk

Site Admin
Admin
Registered: 12/01/02
Posts: 13073
Location:Stuttgart, Germany
For the password issue, see the later parts of the discussion here.

The "Success" thing is new to me - haven't seen that before. What's different on that site, as compared to the other?

bye, Dirk
 Quote

Status: offline

phpsocialclub

Forum User
Junior
Registered: 05/03/03
Posts: 30
Location:North Carolina
I am not really sure, the site with the success success was installed with Fantastico, then manually upgraded, It has all of its files in public_html, which is the way Fantistico does it.

I will probably reinstall everything in the right place next time,

Andrew
I work for a Wilmington NC Attorney
 Quote

Status: offline

Dirk

Site Admin
Admin
Registered: 12/01/02
Posts: 13073
Location:Stuttgart, Germany
Quote by: phpsocialclub

It has all of its files in public_html, which is the way Fantistico does it.


... and which is the main reason why we have this test script now: Because many Fantastico installs are not properly secured. So I would be very interested to find out why it's not working properly for you.

bye, Dirk
 Quote

All times are EST. The time is now 04:36 am.

  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content