Post by lennyli » Sat Feb 04, 2017 10:58 am

I'm taking over admin of an opencart installation.
I'm quite shocked to see the error log being placed inside the html document root at the path

This information is supposed to be confidential to the administrator. Is it by default the apache/opencart get installed this way? Could hackers modify this file and execute some damaging instructions as I see the file is rwxrwxrwx .


Fri Jan 13, 2017 2:23 pm

Post by IP_CAM » Sat Feb 04, 2017 1:00 pm

A well done OC has an EMPTY Error Log. Everything else would be highly unprofessional.
But you could keep the Directory, and/or the File extension from beeing called directly (.txt), by
use of .htaccess as well, by making it look like:

Code: Select all

# Prevent Direct Access to files
<FilesMatch "(?i)((\.xml|\.txt|\.tpl|\.ini|\.log|(?<!robots)\.txt))">
 Order deny,allow
 Deny from all

Ernie's OpenShop with free responsive OC Bootstrap Themes: - -

User avatar


Tue Mar 04, 2014 1:37 am
Location - Switzerland