The secure CMS.

Welcome to Geeklog, Anonymous Tuesday, May 07 2024 @ 08:42 pm EDT

Geeklog Forums

Security Issues

 New Topic  Post Reply
 09/06/07 07:43pm (Read 1,455 times)  
Status: offline

OPyancey

Forum User
Newbie
Registered: 09/06/07
Posts: 1
I have a slight problem I have installed and have a site up and running with some established content. I just noticed these security flaw.

# Your config.php is reachable from the web.
This is a security risk and should be fixed!
# Your logs directory is reachable from the web.
This is a security risk and should be fixed!
# Your plugins directory is reachable from the web.
This is a security risk and should be fixed!
# Your system directory is reachable from the web.
This is a security risk and should be fixed!
# Your backups directory is reachable from the web.
This is a security risk and should be fixed!
# Your data directory is reachable from the web.

is there a way to move these file now and keep current content and theme without a reinstall.

Current site opinion swap
 Quote
 09/06/07 11:30pm  
Status: offline

Minshull

Forum User
Newbie
Registered: 09/03/07
Posts: 5
Location:Alberta, Canada
http://www.geeklog.net/docs/install.html#install

6. Edit lib-common.php and change the require_once() at the top to point to the location of your config.php file.

 Quote
 09/07/07 02:07am  
Status: offline

Dirk

Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
If you can't move those files and directories outside of your webroot (as suggested in the installation instructions), you should at least password-protect them.

See Installing Geeklog entirely within the web root

bye, Dirk
 Quote
 New Topic  Post Reply
All times are EDT. The time is now 08:42 pm.
  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content