Post by lennyli » Sat Feb 04, 2017 10:58 am

I'm taking over admin of an opencart installation.
I'm quite shocked to see the error log being placed inside the html document root at the path
system/logs/error.txt

This information is supposed to be confidential to the administrator. Is it by default the apache/opencart get installed this way? Could hackers modify this file and execute some damaging instructions as I see the file is rwxrwxrwx .

New member

Posts

Joined
Fri Jan 13, 2017 2:23 pm

Post by IP_CAM » Sat Feb 04, 2017 1:00 pm

A well done OC has an EMPTY Error Log. Everything else would be highly unprofessional.
But you could keep the Directory, and/or the File extension from beeing called directly (.txt), by
use of .htaccess as well, by making it look like:

Code: Select all

# Prevent Direct Access to files
<FilesMatch "(?i)((\.xml|\.txt|\.tpl|\.ini|\.log|(?<!robots)\.txt))">
 Order deny,allow
 Deny from all
</FilesMatch> 
Ernie

For Sale: Top URL's, including OpenCart V-Pro installed, like seen here:
http://www.bigmax.ch - http://www.ipcam.li - http://www.opencart.li
For Information + URL's offered, please contact me at: jti@jacob.ch
I am NOT available for Custom Support in existing OC Installations!
My Github Repositories: https://github.com/IP-CAM
Image


User avatar
Guru Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland
Who is online

Users browsing this forum: No registered users and 5 guests