ZenphotoCMS Forum
Setup scripts not protected - Printable Version

+- ZenphotoCMS Forum (https://forum.zenphoto.org)
+-- Forum: Support (https://forum.zenphoto.org/forum-1.html)
+--- Forum: General support (https://forum.zenphoto.org/forum-4.html)
+--- Thread: Setup scripts not protected (/thread-12014.html)



Setup scripts not protected - disismi - 2014-08-24

Hi

I have this warning in my dashboard:

Your Setup scripts are not protected.

The Setup environment is not totally secure, you should protect the scripts to thwart hackers. Use the Setup ยป protect scripts button in the Admin section of the Utility functions.

When I press the button 'setup>>protect scripts', I see this: Setup files protected.

But the first message (Your Setup scripts are not protected) never goes away.

So, are my files protected or is there a way I can do this manualy?

tnx




Setup scripts not protected - acrylian - 2014-08-25

I cannot reproduce this. Be sure you have no permission errors in your server error log.

You can do this manually by adding a non executable file suffix to the setup files. But that would be quite cumbersome.




Setup scripts not protected - disismi - 2014-08-30

tnx!

The logfile says:

setup_protect Success zp_admin protected.
So I guess it's fine.

How do I get rid of the message?




Setup scripts not protected - fretzl - 2014-08-30

Works just fine for me. Maybe a browser issue.
Have you tried to clear the browser cache?




Setup scripts not protected - disismi - 2014-08-30

yes I cleared the cache. The message is in the admin-panel, so you can't see it. If the site was for me personal I wouldn't mind the warning being there, but I am building it for someone else.




Setup scripts not protected - acrylian - 2014-08-30

Did you also look at the server error logs? Zenphoto's own logs may not have everything. It could be still permissions.




Setup scripts not protected - sbillard - 2014-08-30

You should actually look at the files in the zp-core/setup folder via FTP or something. What is their suffix?




Setup scripts not protected - disismi - 2014-08-30

My host won't let me see.

I can activate 'read' and/or 'write'.

'read' is activated on all setup files.
'write'is not activated on all setup files.




Setup scripts not protected - fretzl - 2014-08-31

Never heard of a host that does not allow you to access files via FTP or some control panel. Change host ;-)

In order to protect/obscure setup files Zenphoto tries to change the name of all files in the [i]zp-core/setup[/i] folder to [i]filename.php.xxx[/i]. To do so it needs to change the permissions of the files first and afterwards reset them to their original value.

So if you can see file names like [i]filename.php.xxx[/i] then Zenphoto has successfully protected them.
If the file names look like [i]filename.php[/i] then Zenphoto failed to protect them.




Setup scripts not protected - disismi - 2014-08-31

Thanks for explaining! I fixed it!

I activated 'write' for all setup pages, clicked the 'protect script'-button and now the warning is gone and my filenames have .xxx!
I changed the permissions back to 'read' only, so now it's fine!

merci




Setup scripts not protected - acrylian - 2014-08-31

Ok, great you fixed it.