Post by lennyli » Sat Feb 04, 2017 10:58 am

I'm taking over admin of an opencart installation.
I'm quite shocked to see the error log being placed inside the html document root at the path

This information is supposed to be confidential to the administrator. Is it by default the apache/opencart get installed this way? Could hackers modify this file and execute some damaging instructions as I see the file is rwxrwxrwx .

New member


Fri Jan 13, 2017 2:23 pm

Post by IP_CAM » Sat Feb 04, 2017 1:00 pm

A well done OC has an EMPTY Error Log. Everything else would be highly unprofessional.
But you could keep the Directory, and/or the File extension from beeing called directly (.txt), by
use of .htaccess as well, by making it look like:

Code: Select all

# Prevent Direct Access to files
<FilesMatch "(?i)((\.xml|\.txt|\.tpl|\.ini|\.log|(?<!robots)\.txt))">
 Order deny,allow
 Deny from all

For Sale: Top URL's, including an OpenCart V-Pro Shop!
A wide range of matching Designs can be seen here:
For Information on URL's offered, please contact me at:
Hundreds of Mods in 380+ Repositories for OC v.1.5.x - v.2.3.x
to be found on my Github Site:

User avatar
Legendary Member


Tue Mar 04, 2014 1:37 am
Location - Switzerland
Who is online

Users browsing this forum: No registered users and 11 guests