Home General support

Setup scripts not protected

disismi Member
in General support
Hi

I have this warning in my dashboard:

Your Setup scripts are not protected.

The Setup environment is not totally secure, you should protect the scripts to thwart hackers. Use the Setup » protect scripts button in the Admin section of the Utility functions.

When I press the button 'setup>>protect scripts', I see this: Setup files protected.

But the first message (Your Setup scripts are not protected) never goes away.

So, are my files protected or is there a way I can do this manualy?

tnx

Comments

  • acrylian Administrator, Developer
    I cannot reproduce this. Be sure you have no permission errors in your server error log.

    You can do this manually by adding a non executable file suffix to the setup files. But that would be quite cumbersome.
  • disismi Member
    tnx!

    The logfile says:

    setup_protect Success zp_admin protected.
    So I guess it's fine.

    How do I get rid of the message?
  • fretzl Administrator, Developer
    Works just fine for me. Maybe a browser issue.
    Have you tried to clear the browser cache?
  • disismi Member
    yes I cleared the cache. The message is in the admin-panel, so you can't see it. If the site was for me personal I wouldn't mind the warning being there, but I am building it for someone else.
  • acrylian Administrator, Developer
    Did you also look at the server error logs? Zenphoto's own logs may not have everything. It could be still permissions.
  • sbillard Member
    You should actually look at the files in the zp-core/setup folder via FTP or something. What is their suffix?
  • disismi Member
    My host won't let me see.

    I can activate 'read' and/or 'write'.

    'read' is activated on all setup files.
    'write'is not activated on all setup files.
  • fretzl Administrator, Developer
    Never heard of a host that does not allow you to access files via FTP or some control panel. Change host ;-)

    In order to protect/obscure setup files Zenphoto tries to change the name of all files in the zp-core/setup folder to filename.php.xxx. To do so it needs to change the permissions of the files first and afterwards reset them to their original value.

    So if you can see file names like filename.php.xxx then Zenphoto has successfully protected them.
    If the file names look like filename.php then Zenphoto failed to protect them.
  • disismi Member
    Thanks for explaining! I fixed it!

    I activated 'write' for all setup pages, clicked the 'protect script'-button and now the warning is gone and my filenames have .xxx!
    I changed the permissions back to 'read' only, so now it's fine!

    merci
  • acrylian Administrator, Developer
    Ok, great you fixed it.
Sign In or Register to comment.