Jump to content

Just checking

m8internet

By m8internet
in Using WHMCS

 Share

Recommended Posts

bear Senior Member

bear

Posted
Posted

Those are normal, they are cached template files and pages. By default there should be an index in there also. If you see any in there that are not long strings (some start with %%), they need looking at.

 

Is that folder above publicly accessible directories? The high permissions needed (in a non suphp environment) make it more likely to be used for bad things, so moving it out of public reach is necessary. 755 permissions won't work in a regular shared server setup where scripts execute as "nobody" as it won't be writable by the script. If it worked as 777 (likely the "nobody" environment), it won't as 755 and vice versa.

0
Link to comment
Share on other sites
m8internet Senior Member

m8internet

Posted
  • Author
Posted (edited)
Is that folder above publicly accessible directories?

All three folders are in their own unique folder

After the update (v4.3.1 to v4.5.2) the permissions changed from 777 to 644

I have tried various permissions, doesn't seem to make any difference

 

Noted after the update a duplicate folder appeared, but is empty

Followed the instructions and renamed this folder

Edited by m8internet
0
Link to comment
Share on other sites
bear Senior Member

bear

Posted
Posted
All three folders are in their own unique folder

 

But is that folder out of public reach, as in:

/home/username/uniquefolder << out of reach

And not:

/home/username/public_html/unique folder << still at risk

 

so my templates_c is currently at

 

public_html/****/templates_c

 

so yoiu sare saying this shoul be at

 

templates_c/public_html/****

 

if so how do i change $templates_compiledir = "templates_c/" in the configuration.php file

 

Should be /home/user/templates_c

 

http://docs.whmcs.com/Further_Security_Steps

0
Link to comment
Share on other sites
easyhosting Senior Member

easyhosting

Posted
Posted
But is that folder out of public reach, as in:

/home/username/uniquefolder << out of reach

And not:

/home/username/public_html/unique folder << still at risk

 

 

 

Should be /home/user/templates_c

 

http://docs.whmcs.com/Further_Security_Steps

 

thanks bear

 

also sorry about the exploits in the other thread, never thought. anyway the IPS assigned to the exploit tickets originated on the OVH network, so have been reported to them

0
Link to comment
Share on other sites
m8internet Senior Member

m8internet

Posted
  • Author
Posted (edited)

I can see where the confusion lies, it's not very clear these three folders must NOT be in the public_html and should be below this

ie root/templates_c/

 

However, I have tested with all three permissions and the files are still created

 

edit :

Checked and neither suphp nor phpsuexec are running

Edited by m8internet
0
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated

  I accept