I'm taking over admin of an OpenCart installation.
I'm quite shocked to see the error log being placed inside the HTML document root at the path
system/logs/error.txt
This information is supposed to be confidential to the administrator. Is this how Apache/OpenCart gets installed by default? Could hackers modify this file and execute some damaging instructions, as I see the file is rwxrwxrwx?
A well done OC has an EMPTY Error Log. Everything else would be highly unprofessional.
But you could keep the directory, and/or the file extension (.txt), from being called directly by
use of .htaccess as well, by making it look like:
Code:
# Prevent direct access to files
# robots.txt stays reachable: .txt is matched only through the lookbehind
<FilesMatch "(?i)(\.xml|\.tpl|\.ini|\.log|(?<!robots)\.txt)$">
# Apache 2.2 syntax; on Apache 2.4 without mod_access_compat use "Require all denied"
Order deny,allow
Deny from all
</FilesMatch>
Ernie
My Github OC Site: https://github.com/IP-CAM
5'200 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.
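An added example, not part of either post: shell functions that check the two things this thread raises, log files with loose permissions (the rwxrwxrwx in the question) and whether the root .htaccess carries a deny directive. It assumes the logs sit in system/logs under the OpenCart root and that the web-server account owns them; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Assumption: logs live in <opencart_root>/system/logs, as in the question.

# Print each log file that is world-writable or has any execute bit set.
audit_logs() {
    log_dir="$1/system/logs"
    [ -d "$log_dir" ] || { echo "no such directory: $log_dir" >&2; return 2; }
    find "$log_dir" -type f \
        \( -perm -0002 -o -perm -0100 -o -perm -0010 -o -perm -0001 \) -print
}

# Number of files flagged by audit_logs.
count_loose_logs() {
    audit_logs "$1" | wc -l | tr -d ' '
}

# Heuristic: does the root .htaccess contain a deny directive at all?
# It does not prove the rule covers system/logs; request the file to confirm.
has_deny_rule() {
    [ -f "$1/.htaccess" ] &&
        grep -Eiq '^[[:space:]]*(Deny from all|Require all denied)' "$1/.htaccess"
}

# Set log files to 640 and the log directory to 750.
# Assumption: the web-server account owns them, so it can still append.
harden_logs() {
    log_dir="$1/system/logs"
    [ -d "$log_dir" ] || return 2
    chmod 750 "$log_dir"
    find "$log_dir" -type f -exec chmod 640 {} +
}

# Usage: sh audit.sh /path/to/opencart   (reports only, changes nothing)
if [ -n "${1:-}" ]; then
    audit_logs "$1"
    has_deny_rule "$1" || echo "no deny directive in $1/.htaccess"
fi
```

Run harden_logs only after confirming which account owns the log files, since a log owned by a different user would become unwritable for the web server.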