[Guide] Security fix for FragFrog package

DarkMaster

Administrator
Staff member
Joined
Apr 8, 2008
Messages
2,441
Reaction score
10,994
IMPORTANT SECURITY FIX FROGMU WEBPACKAGE

I recently discovered that a default Appserv installation DOES NOT protect your config.htpasswd file. This means that any smart hacker can get your username and password! I tested it myself and easily got the SQL server login username and password for someone's private server!

HOW TO FIX
quite easy, luckily. Open your Appserv configuration files. You can do this by either going to your start menu -> Programs -> Appserv -> Apache Configure Server -> Edit the httpd.conf Configuration file. Another way of opening it is going to your webserver folder (probably in c:\program files\appserv\), apache -> conf -> httpd.conf

You can open this file using a text-editor as notepad

Now, find the line that says

# Also, folks tend to use nameas such as .htpasswd for their password
# files, so this will protect those as well.
#
This should be around line 407.

Below these lines you will find something like '<files ~"^/.ht"> stuff here </files>

REPLACE THAT WITH
<Files *.ht*>
Deny From All
</Files>
Now, save the file and restart apache (using the Apache service monitor, or trough your start menu -> programs -> appserv -> Apache Control Server -> Restart)

Applies To:
FrogMu Webpackage 2.0 beta

Credits: FragFrog
 
  • Like
Reactions: -UnknowN-

RhysFox

New Member
Joined
Jun 30, 2008
Messages
918
Reaction score
298
Good work... Again by you :wasntme:. Very usefull :chuckle:.
 

Mephisto

New Member
Joined
Apr 10, 2008
Messages
451
Reaction score
240
Nice job.. cause this i use array() for config.php
 
Thread starter Similar threads Forum Replies Date
m4w94pke [Guide] Fix Widescreen: Main 97D+99i Guides 11
dDosgwapo [Guide] How to fix C000001d Error Guides 3
Wikko0 [Guide] Fix Quest System 97d Guides 9
L [Guide] Sql Server Connect Error Fix Guides 3
Dungeon [Guide] Remove MD5 Fixed Guides 5
f0und [Guide] Fix Devil Square Points Guides 7
darkkingh [Guide] How to fix MD5 in your server files Guides 6
MeMoS [Guide] How to fix MD5 in your website Guides 8
redfighterxp [Guide] Good Script for AutoFix stats Guides 0
eXecuteR [Guide] Visual C++ Debug error Fix Guides 7
DarkMaster [Guide] Age Bug Fix [1.00.18] Guides 8
y0caa [Guide] Fix Sygate Firewall Guides 29
killar4eto [Guide] How to setup MuServer SCFMT 7.09.00 Cracked + Fixes & New Items Guides 45
MorgaN [Guide] How fix Guild exit Bug Guides 6
O [Guide] Fix SQL Inject in MuServer Guides 8
diablo21 [Guide] Stats Fix Sql Job Guides 12
Shatter [Guide] Party Zen Bug Fix (1.00.18) Guides 0
FroggerPL [Guide] MuServer Error Fixing Guides 1
Gasolincho [Guide] Reset limit fix Guides 15
MorgaN [Guide] How to fix Guild Score Guides 0
ReaL [Guide] Season3 Ep1 GS Freeze & Crash FIX Guides 9
ReaL [Guide] Fix Online Count MEMB_STAT Guides 6
DarkMaster [Guide] 97d99i Party Zen Bug Fix Guides 2
P [Guide] How to fix Error-L10 Guides 3
P [Guide] How To Fix "Account is Allready Connected" Guides 25
DarkMaster [Guide] Chaos Castle Fix 1.01e Guides 4

Similar threads