#10001 breaches log permission

Posted in ‘Admin Tools for Joomla! 4 & 5’

Latest post by nicholas on Sunday, 14 August 2011 08:46 CDT

elau24
Mandatory information about my setup:

Have I read the related troubleshooter articles above before posting (which pages?)? No
Have I searched the forum before posting? No
Have I read the documentation before posting (which pages?)? No
Joomla! version: (unknown)
PHP version: (unknown)
MySQL version: (unknown)
Host: (optional, but it helps us help you)
Admin Tools version: (unknown)


Description of my issue:

What's the recommended permission for the breaches log file?

nicholas
Akeeba Staff
Manager
0644. That said, I recommend either using .htaccess Maker with the front-end security feature enabled, or adding a .htaccess file with the following contents inside the logs directory:
order deny,allow
deny from all

This will prevent any unauthorized web access to the log file. Moreover, the log file has a die() statement at the very top to deter web access anyway.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷 Greek: native 🇬🇧 English: excellent 🇫🇷 French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
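
The two measures from the reply above (0644 on the log file, a deny-all .htaccess inside the logs directory) as a small fix-and-audit script. This is an added example, not part of the original thread or of Admin Tools; the function names are hypothetical, the directory is supplied by the caller, and the `Require all denied` branch for Apache 2.4 goes beyond the two directives quoted in the reply.

```shell
#!/bin/sh
# Added example: harden and audit a log directory.
# No real Admin Tools path is assumed; pass the logs directory as $1.

# Write a .htaccess that denies all web access to the directory.
# The mod_authz_core branch covers Apache 2.4; the other branch is the
# 2.2-style rule quoted in the reply.
write_deny_htaccess() {
    dir=$1
    cat > "$dir/.htaccess" <<'EOF'
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
</IfModule>
EOF
    chmod 0644 "$dir/.htaccess"
}

# Apply the recommended 0644 to every regular file under the directory.
fix_log_modes() {
    find "$1" -type f -exec chmod 0644 {} +
}

# Report problems; returns 0 when the directory is clean, 1 otherwise.
audit_log_dir() {
    dir=$1
    rc=0
    # A deny rule must be present in the directory's .htaccess.
    if ! grep -Eiq '^[[:space:]]*(deny from all|require all denied)' \
            "$dir/.htaccess" 2>/dev/null; then
        echo "MISSING: no deny rule in $dir/.htaccess"
        rc=1
    fi
    # Anything looser than 0644 (group- or world-writable) is flagged.
    loose=$(find "$dir" -type f \( -perm -020 -o -perm -002 \))
    if [ -n "$loose" ]; then
        echo "LOOSE: group- or world-writable files:"
        echo "$loose"
        rc=1
    fi
    return $rc
}
```

The .htaccess only takes effect on Apache when AllowOverride permits these directives, so confirm the result by requesting the log's URL and checking for a 403 response.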

elau24
Thanks. For some reason mine is just a regular .log file, and has no die() statement anywhere for that matter.

I've now put in a .htaccess file as suggested and that secures it now. Thanks!

nicholas
Akeeba Staff
Manager
Oops! Of course you're right. I don't know what I was thinking. I answered the post in a hurry, right before lunch. I shouldn't be responding to support questions when I'm hungry, I'm getting confused :p

So, yes, the ideal solution is to add a .htaccess inside the logs directory to disallow rogue access to the log file.


elau24
Ah, the hungry brain syndrome! Yup, gotta feed it first.

nicholas
Akeeba Staff
Manager
He he! So true :)

