2
Quote:
ashlyn wrote:
I'm a little lost. I installed Protector as a module, as it came with v.2.3.2. Correct folders etc.
Getting the following nasties in the Protector module:
'XOOPS_TRUST_PATH' :
Check php files inside TRUST_PATH are private (it must be 404,403 or 500 error
If you can look an image -NG- or the link returns normal page, your XOOPS_TRUST_PATH is not placed properly. The best place for XOOPS_TRUST_PATH is outside of DocumentRoot. If you cannot do that, you have to put .htaccess (DENY FROM ALL) just under XOOPS_TRUST_PATH as the second best way.
I can see the NG image in Security Advisory. The whole XOOPS_TRUST_PATH thing has me stumped. Is there a tutorial for this?
You are getting this because your xoops_lib folder is probably sitting inside your xoops_root folder (as it was this way when you unzipped the downloaded XOOPS package.
If you can, you are advised to move this folder outside of xoops_root and then edit your mainfile.php to so that it references the new location.
You are also advised to rename the xoops_lib folder to something unique.
There is a FAQ on "making your site secure" - search it out and study it as it will help a lot
Quote:
ashlyn wrote:
'allow_url_fopen' : on Not secure
This setting allows attackers to execute arbitrary scripts on remote servers.
Only administrator can change this option.
If you are an admin, edit php.ini or httpd.conf.
Sample of httpd.conf:
php_admin_flag allow_url_fopen off
Else, claim it to your administrators.
Will speak to admin about fixing this.
If you are on a shared server then this might not be possible. Whilst it's desirable to have it set as recommended it's not something that I personally lose any sleep over.
Quote:
ashlyn wrote:
'mainfile.php' : missing precheck Not secure
You should edit your mainfile.php like written in README.
It's set to 444. Is there something I missed?
I did not understand the readme properly, and got way lost on the whole Trust Path thing. Any help for this dummy would be much appreciated.
You didn't read the installation instructions properly, did you
This is easily corrected - take a look in the "extras" folder that came with your XOOPS download and look at a file called mainfile.dist.php
Near the bottom of this file there are two lines code relating to "precheck" and "postcheck" and these sit either side of a few lines of "other code".
These lines of "other code" are also found in your mainfile.php. Copy the "precheck", "postcheck" and "other code" from mainfile.dist.php and past them into your mainfile.php thereby replacing the exisitng "other code".
After checking that the code in mainfile.php is exactly the same as in mainfile.dist.php, upload the amended mainfile.php - the error will now be gone
HTH
