1
Wedee
.htaccess contents in htdocs
  • 2009/4/23 12:31

  • Wedee

  • Just popping in

  • Posts: 4

  • Since: 2009/4/22


I am installing my XOOPS under a directory in my htdocs folder. So it would be htdocs/xoops/"Xoops here", the question I have is what should the .htaccess file contain that goes into the root of htdocs? As well what other security concerns should I have doing it this way vs installing XOOPS to the root of htdocs?

2
ghia
Re: .htaccess contents in htdocs
  • 2009/4/24 6:49

  • ghia

  • Community Support Member

  • Posts: 4953

  • Since: 2008/7/3 1


There are no security implications for installing XOOPS in a the root or in a subdirectory of the root.
When a subdirectory is used, you can add an html welcome intro page (with a link to XOOPS or that redirect automatically) and it is also easier to install other non-XOOPS softwares.
I don't understand what purpose you intended for the .htaccess file.

3
Wedee
Re: .htaccess contents in htdocs
  • 2009/4/24 12:17

  • Wedee

  • Just popping in

  • Posts: 4

  • Since: 2009/4/22


Thanks for the reply...

The purpose of the .htaccess file is to make sure that the redirect can not be modified. The site was recently attacked, and several php files were inserted into various folders. Other then if they gained entry to my ftp via compromised password (Don't believe that's the case, but changed all login info immediately anyway) I must have had folder / file permissions wrong, or allowed access to something I shouldn't have.

Ultimately I am trying to make sure that I don't miss some critical item, and due to the fact I am installing to a subdir of the root, I just wanted to make sure I wasn't making a mistake.


4
ghia
Re: .htaccess contents in htdocs
  • 2009/4/24 13:56

  • ghia

  • Community Support Member

  • Posts: 4953

  • Since: 2008/7/3 1


When this happens, that means in general that the server as a whole is compromised and that several shared sites will be affected.
A .htaccess file will not prevent that.
This can be due to problems in the site software or that the server credentials (like admin panels or FTP login paswords) have been aquired for server or site wide access trough some malware.

Login

Who's Online

384 user(s) are online (301 user(s) are browsing Support Forums)


Members: 0


Guests: 384


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits