1
fabou78
Issue accessing secure.php
  • 2012/6/16 10:17

  • fabou78

  • Friend of XOOPS

  • Posts: 43

  • Since: 2012/6/16


Hi all,

I am having some issue with a XOOPS website that I have inherited. If you can help please bear in mind that I am new to XOOPS and not fluent in web technologies in general.
I apologise in advance if my questions are trivial, I am going progressively through the documentation but my site is down for two days so the reason for my first posting.

I had a blank page and after going through this help page https://xoops.org/modules/smartfaq/faq.php?faqid=80 I have managed to see a PHP error message telling me that

( ! ) Fatal error: require() [function.require]: Failed opening required '/xoops_data/data/secure.php' (include_path='.:/usr/share/php/') in /web/php/mainfile.php on line 68

Now I have looked at the folder /xoops_data/data/ which is marked with permission 0700 the proprietary of this folder is unknown to me but belong to the group I belong, the end result is I can’t even access this folder as of now, I can only assume that secure.php is still inside.

1) Is there any reason for this folder to have been altered by XOOPS?
2) Do you thinks this change occurred outside of XOOPS scope, i.e. changed by the provider itself or due to malicious activity (pirates)?
3) Can someone briefly explain why XOOPS need this file and how it should be configured security wise? (appart the fact that it should be moved out of the webroot folder)
4) Any other suggestions to fix the issue apart of contacting the provider to give me access to this folder which I already did?

Thanks for your help

Fabou

2
irmtfan
Re: Issue accessing secure.php
  • 2012/6/16 10:30

  • irmtfan

  • Module Developer

  • Posts: 3419

  • Since: 2003/12/7


About secure.php please read the installation guide:
http://kent.dl.sourceforge.net/project/xoops/XOOPS%20Documentation_%20Core/XOOPS%20Installation%20Guide/XU-002_XOOPS_Installation_Guide_2.5.2.pdf

page 56:
Quote:

Changes in mainfile.php
XOOPS 2.5.0 brings another security enhancement.
The part of the mainfile that contains info related to database, its user name and password:
has been moved to /xoops_data/data/secure.php file, which when placed outside of the Document Root,
makes it harder to hackers to access it

xoops can not access to the secure.php file which contains all your database information.

Also it seems your xoops_data is inside the root folder. so for better security you can move it to the outside document root (please read installation guide).

Anyway you should make the secure.php file accessible.
to do that you should change the folder permission in the Cpanel to 755.

3
fabou78
Re: Issue accessing secure.php
  • 2012/6/18 18:01

  • fabou78

  • Friend of XOOPS

  • Posts: 43

  • Since: 2012/6/16


Ok thanks,

That doean't explain why I ended up with the folder changed to 700 instead of beeing 755. Surely it didn't come from XOOPS.

Cheers,

Login

Who's Online

389 user(s) are online (273 user(s) are browsing Support Forums)


Members: 0


Guests: 389


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits