Welcome to Geeklog, Anonymous Thursday, March 28 2024 @ 06:11 pm EDT

Geeklog Forums

Chmod config.php


Status: offline

ironfeather

Forum User
Junior
Registered: 01/27/03
Posts: 16
HI,

I was wondering what i should chmod my config.php?

worried about other people on my server snooping and seeing my mysql access

Cheers

Stevyn

------
my geeklog discussion is at:

http://ironfeather.com/cgi-bin/bbs/ik...ct=SF;f=20
 Quote

Status: Banned

machinari

Forum User
Full Member
Registered: 03/22/04
Posts: 1512
according the best suggestions laid out in the install instructions, the directory containing your config.php should not be world readable--meaning it shouldn't be in your public_html dir at all or in any sub-dir therein.

However, not all of us have the pleasure of having access to any dir above our public_html dir... sooooo, the 2nd best option would be to protect that dir using an .htaccess file or something like it provided by your hosting company.
 Quote

Status: offline

ironfeather

Forum User
Junior
Registered: 01/27/03
Posts: 16
Hi, thanks for your reply.

Yep, I have it in a directory that is below the public view so its not viewable from the web. But I am on a server that hosts many others so I think they are telneted into theior own account and then looking about in other peoples directories on the server.

I think geeklog only reads the config.php and doesnt write to it, so i should be able to chmod it really low i think. if none knows off hand i'll try it real low and see what happens

cheers

------
my geeklog discussion is at:

http://ironfeather.com/cgi-bin/bbs/ik...ct=SF;f=20
 Quote

Status: Banned

machinari

Forum User
Full Member
Registered: 03/22/04
Posts: 1512
that setup sounds kinda shady if access is granted so loosely.
anyway, 644 should do you.
 Quote

Status: offline

ironfeather

Forum User
Junior
Registered: 01/27/03
Posts: 16
yep, looks like 644 is the lowest it can go, i wonder why it cant be 600? why would others need to read it? I tried and it needs 644.

I have been with this server host for years but I am worried now after this hacking action. Maybe change soon.


------
my geeklog discussion is at:

http://ironfeather.com/cgi-bin/bbs/ik...ct=SF;f=20
 Quote

Status: offline

Dirk

Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
Actually, when your root directory is not readable by others, there shouldn't be a problem with world-readable files below it. I would expect this to be the standard setup for shared hosting.

If, however, you can actually read files in other people's directories, then I would switch ISPs ASAP ...

bye, Dirk
 Quote

All times are EDT. The time is now 06:11 pm.

  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content