xoops forums

kevcar

Not too shy to talk
Posted on: 2009/3/20 11:50
kevcar
kevcar (Show more)
Not too shy to talk
Posts: 127
Since: 2007/6/2 1
#1

How do I do this, step by step, please

How do I do this? thanks

public_html/xoops_lib is inside DocumentRoot!
For security considerations it is highly suggested to move it out of DocumentRoot.

public_html/xoops_data is inside DocumentRoot!
For security considerations it is highly suggested to move it out of DocumentRoot.

anderssk

Quite a regular
Posted on: 2009/3/20 13:33
anderssk
anderssk (Show more)
Quite a regular
Posts: 335
Since: 2006/3/21
#2

Re: How do I do this, step by step, please

Hi'

Are You on a life installation ore are You on a test (local) installation?

Security guide here

And a newer updatet version here

kevcar

Not too shy to talk
Posted on: 2009/3/20 16:29
kevcar
kevcar (Show more)
Not too shy to talk
Posts: 127
Since: 2007/6/2 1
#3

Re: How do I do this, step by step, please

I am on a Live website install

Anonymous

Posted on: 2009/3/20 17:47
Anonymous
Anonymous (Show more)
Posts: 0
Since:
#4

Re: How do I do this, step by step, please

Hiya

You're worried about the warning in the admin panel, yes?

Are you able to move the xoops_lib and xoops_data folders to a level below /public_html?
You might not be allowed to if you're on a shared server - I'm not!

If you can move them then all you have to do is move the folders and then edit mainfile.php so that the revised path to them is given. That's it.

If you can't or are not allowed to move them then rename them to something else and edit mainfile.php accordingly.

My own site is structured like this (obviously, the names are different!):

/public_html/htdocs (<--xoops files here)
/public_html/xoops_data
/public_html/xoops_lib

Protector works well like this (all the checks in the Secruruty Advisory work) and it logs everything as it should. I still get the warning in the admin panel but I've decided to ignore it

HTH

kevcar

Not too shy to talk
Posted on: 2009/3/20 19:14
kevcar
kevcar (Show more)
Not too shy to talk
Posts: 127
Since: 2007/6/2 1
#5

Re: How do I do this, step by step, please

Thanks for the help

kevcar

Not too shy to talk
Posted on: 2009/3/20 19:26
kevcar
kevcar (Show more)
Not too shy to talk
Posts: 127
Since: 2007/6/2 1
#6

Re: How do I do this, step by step, please

My host placed all the XOOPS files in Public_html there is no htdocs folder, how do I change this?

ghia

Community Support Member
Posted on: 2009/3/20 20:07
ghia
ghia (Show more)
Community Support Member
Posts: 4954
Since: 2008/7/3 1
#7

Re: How do I do this, step by step, please

The public_html, htdocs and www are three common names for the directory that is your web root. The files located there as eg index.php are accesable by the browser as http://www.yoursite.com/index.php .
The intention is to have xoops_lib and xoops_data in a directory aside that web root as in figure 1.
During normal install, you get a layout as in figure 2. If you can't move the directories than you must add a ramdom chosen prefix to these two directories as in eg f67u_xoops_lib. You can also use a .htaccess file to deny access for additional protection.
In both cases (the move or the rename) you have to adapt the definitions in mainfile.php to reflect the changed situation.
Using xoops_lib and xoops_data with their original names inside the web root (as figure 2 shows), is not secure and your site may get hacked in the next weeks.

kevcar

Not too shy to talk
Posted on: 2009/3/20 20:29
kevcar
kevcar (Show more)
Not too shy to talk
Posts: 127
Since: 2007/6/2 1
#8

Re: How do I do this, step by step, please

I have added a prefix to both files and changed the Mainfile to include the prefixes, so is it safe now?