Author Topic: Unprotected install.php in tp/graph, why?  (Read 8243 times)

0 Members and 1 Guest are viewing this topic.

Offline slizard1

  • Newbie
  • *
  • Posts: 15
    • View Profile
Unprotected install.php in tp/graph, why?
« on: June 16, 2009, 12:32:11 PM »
Hi,

there's a file called install.php in tp/graph on each of my sites & the thing is, it seems to be accessible from any browser to anyone without login.
http://www.domain.com/tp/graph/install.php.

I don't understand why an installer is needed in the graph folder & why it's so easy to access it.

Have any clue what is for this installer & why it's unprotected as it is? :-/

I have renamed them until I get an answer.

Thanks.

Offline slizard1

  • Newbie
  • *
  • Posts: 15
    • View Profile
Re: Unprotected install.php in tp/graph, why?
« Reply #1 on: June 16, 2009, 12:40:14 PM »
I'd love to have more protections added to TP.  I don't like too much the fact to see all PHP files 777 specially with allow_url_fopen ON.

90% of all the PHP files are used by me only & I'd love to have at least some htaccess files in every dir that would restrict access to it to my IP only.

I don't know which files I'd need to not restrict to not break the script.

Would it be possible to give us the files that would need to not be restricted by htaccess in order for the script to work properly.

I'm sure there's other peeps that would love to get this info.

Also, if I change CHMOD on all PHP files to 444, would this create issues?