miniBB ® 

miniBB

®
Support Forums
  
 | Start | Register | Search | Statistics | File Bank | Manual |
How To miniBB Support Forums / How To /  
 

Vulnerable folder report upon forums installation

 
Author jorge
Partaker
#1 | Posted: 3 Jun 2008 22:28 
In my installation

Folder's protection

Vulnerable. In your current forums folder, where are you are going to install the forums, PHP script is able to create, delete and modify files. We recommend to set permissions for generic forums folder as read-only.

where and how modify this problem.

Sincerely,

Author Paul
Lead Developer 
#2 | Posted: 4 Jun 2008 04:27 
It just means any script is allowed to create and modify files under this folder without setting a special permission. Since many hacks are related to modify/delete files, this could be dangerous.

If you have 'register_globals' set to OFF, you may skip this warning and install miniBB usual way, I think. Because all hacks are leading from this vulnerable setting.

But if you want to be completely safe, try to contact your provider and ask them about this problem. It's related to some kind of special configuration on the server; OR maybe it's a Windows-based server, where this error naturally should always appear and you don't need to pay attention to it then.

How To miniBB Support Forums / How To /
 Vulnerable folder report upon forums installation
 Share Topic's Link

Your Reply Click this icon to move up to the quoted message


  ?
Post as a Guest, leaving the Password field blank. You could also enter a Guest name, if it's not taken by a member yet. Sign-in and post at once, or just sign-in, bypassing the message's text.


Before posting, make sure your message is compliant with forum rules; otherwise it could be locked or removed with no explanation.

 

 
miniBB Support Forums Powered by Forum Software miniBB ® Home  Features  Requirements  Demo  Download  Showcase  Gallery of Arts
Compiler  Premium Extensions  Premium Support  License  Contact Us
Try the Captcha add-on: protect your miniBB-forums from the automated spam and flood.


  ⇑