[Guide] Security fix for FragFrog package

DarkMaster

IMPORTANT SECURITY FIX FROGMU WEBPACKAGE

I recently discovered that a default Appserv installation DOES NOT protect your config.htpasswd file. This means that any smart hacker can get your username and password! I tested it myself and easily got the SQL server login username and password for someone's private server!

HOW TO FIX
Quite easy, luckily. Open your Appserv configuration file. You can do this by going to your Start menu -> Programs -> Appserv -> Apache Configure Server -> Edit the httpd.conf Configuration file. Another way of opening it is going to your webserver folder (probably in c:\program files\appserv\), apache -> conf -> httpd.conf

You can open this file using a text editor such as Notepad.

Now, find the line that says

# Also, folks tend to use names such as .htpasswd for their password
# files, so this will protect those as well.
#
This should be around line 407.

Below these lines you will find something like '<files ~"^/.ht"> stuff here </files>'

REPLACE THAT WITH
<Files *.ht*>
Deny From All
</Files>
Now, save the file and restart Apache (using the Apache service monitor, or through your Start menu -> Programs -> Appserv -> Apache Control Server -> Restart)

Applies To:
FrogMu Webpackage 2.0 beta

Credits: FragFrog
 
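An added example (not part of the original post, and not FragFrog's or AppServ's code) that checks which file names each rule covers, approximating Apache's basename matching with Python's re and fnmatch. It assumes the stock rule is the regex ^\.ht that Apache ships; the file list is constructed and the narrower FilesMatch pattern is a hypothetical alternative, not something the post recommends.

```python
import fnmatch
import re

# Constructed sample of file names that could sit in a web root (assumption).
SAMPLE_FILES = [".htaccess", ".htpasswd", "config.htpasswd",
                "config.php", "index.html", "readme.htm"]


def stock_rule(name):
    # Stock httpd.conf rule, modelled as <Files ~ "^\.ht">:
    # a regex applied to the basename, anchored at its first character.
    return re.search(r"^\.ht", name) is not None


def post_rule(name):
    # The post's replacement, <Files *.ht*>: a shell-style wildcard
    # applied to the basename.
    return fnmatch.fnmatchcase(name, "*.ht*")


def narrow_rule(name):
    # Hypothetical tighter alternative (not from the post):
    # <FilesMatch "\.ht(access|passwd)$">
    return re.search(r"\.ht(access|passwd)$", name) is not None


def denied(rule, files=SAMPLE_FILES):
    """Return the names from `files` that `rule` would deny."""
    return [f for f in files if rule(f)]


def coverage(files=SAMPLE_FILES):
    """Map each name to (stock, post, narrow) deny decisions."""
    return {f: (stock_rule(f), post_rule(f), narrow_rule(f)) for f in files}


if __name__ == "__main__":
    print(f"{'file':<18}{'stock':<8}{'post':<8}{'narrow':<8}")
    for name, (s, p, n) in coverage().items():
        cells = ["deny" if hit else "serve" for hit in (s, p, n)]
        print(f"{name:<18}{cells[0]:<8}{cells[1]:<8}{cells[2]:<8}")
```

The table shows config.htpasswd slipping past the stock rule because its name does not start with .ht, and it shows the *.ht* wildcard also denying .html and .htm files, which matters if the site serves static pages.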
Good work... Again by you :wasntme:. Very useful :chuckle:.
 
Nice job. Because of this I use array() for config.php