-
Type:
Feature Request
-
Status: Closed
-
Priority:
Minor
-
Resolution: Fixed
-
Affects Version/s: 5.0.0
-
Fix Version/s: 5.0.1
-
Component/s: Install / Upgrages
-
Labels:None
-
External issue URL:
-
External issue ID:180
-
Copy Issue Key:
-
Patch Instructions:
Add "Security Check" Step to Installation process, after Theme selection.
1. Permissions Check:
- /index.php (Secure (in greed) or Vulnerable)
- /config.php (Secure (in greed) or Vulnerable)
- /admin/index.php (Secure (in greed) or Vulnerable)
Message for users (don't include this line):
[MESSAGE IN RED]
For security reasons it's highly recommended to set 755 permissions on above files to prevent hacking attempts.
[/MESSAGE IN RED]
2. Executing PHP in writable folders:
- Result of creating and executing PHP file(s) in /system (or /system/images) (Secure (in greed) or Vulnerable (in red))
Message for users if Failed (don't include this line):
[MESSAGE IN RED]
For security reasons it's highly recommended disable the access (execution) to PHP files within /system folder and it's subfolders.
[/MESSAGE IN RED]
You can do this by:
- changing your httpd.conf file to deny requests for all *.php files.
- renaming .htaccess-sample (located in /system) to .htaccess so it overrides default Apache settings.
Note that "AllowOverride LIMIT" option option should be enabled by your host.
Check whether PHP file(s) can be created/executed in /system and/or /system/images folders.
As was suggested let's use cURL for this tests.
