Trying to understand security. Help...

Sal Collaziano · September 26th, 2005, 12:38 PM

Alright. My sites are being clobbered by hackers and whatnot.. I'm not saying they're getting in through Photopost - but probably some other script. Still, I just can't be sure.. I'm weary of any world-writable directories (chmod 777). If I'm not mistaken, there are folderrs that need to be set this way. Isn't it possible for anyone to come along and upload malicious scripts or rootkits to those folders? If not, how? How are they blocked from doing so?

For now, I've turned off all uploads on my Photopost/Classified sites. Security is becoming a major issue for me...

Sal Collaziano · September 26th, 2005, 05:51 PM

I think I may have figured out what I want to do. I want to place the "data" folder and "uploads" folder outside of the webroot.. I just tried this with the "data" folder and I made the change in the Admin CP as well but all my images came up blank after the move. What did I do wrong?

Also, I see where I can change the path to the "uploads" directory but how can I match up the "URL to bulkupload directory?" then? There woudn't be any "www" to get to it...

Chuck S · September 26th, 2005, 06:25 PM

The upload path has to be in the webroot

The data directory you need to use our utility to change that and move the files. Note the directory must exist on the server and be 777

Sal Collaziano · September 26th, 2005, 06:27 PM

Hi Chuck.. Can you tell me more about the utility?

Thank you...

Chuck S · September 26th, 2005, 06:40 PM

In admin section chooose storage options and it will tell ya everything you need to know

SaN-DeeP · September 26th, 2005, 07:52 PM

Quote:

Originally Posted by omegatron

In admin section chooose storage options and it will tell ya everything you need to know

you really keep many photopost secrets to yourself..........

thanks for this tip.

Regards,

Chuck S · September 26th, 2005, 08:00 PM

?? secrets

Sal Collaziano · September 27th, 2005, 10:08 AM

I'm looking into this right now. Thank you.. What about with Classifieds? I don't see a "storage options" link in the Admin CP. Is there an equivilent?

Sal Collaziano · September 27th, 2005, 10:23 AM

Okay. New question. What if I want to take the data folder, which is world-writable, outside the webroot. I want to place it in a spot that nobody can find (before public_html). If I were to do this, then the Default URL Setting appears impossible.. Is it impossible to do this?

Thanks...

Chuck S · September 27th, 2005, 10:31 AM

The url has nothing to do with things as you would use the IPS to serve images (watermark.php)

You simply turn on the ips and then follow the steps to move the large and medium images. You'll be fine

No there is no current way to do this in Classifieds