Someone trying to read configuration.php

Discussion regarding Joomla! 3.x security issues.

Moderators: mandville, General Support Moderators

khorton
Joomla! Apprentice
Posts: 43
Joined: Thu Dec 25, 2014 12:18 am
Location: Moses Lake, WA, USA

Someone trying to read configuration.php

Post by khorton » Wed Apr 22, 2015 5:22 pm

I use Marco's SQL Injection extension. I've gotten four warnings from it in the last three weeks about various IPs trying to read configuration.php. After each warning I've updated .htaccess to add a deny to that IP.

I've completed the various suggested items in the Joomla Security Checklist. I use AdminExile and SecurityCheck. I've got the whole Joomla directory as a Git repository, so I can see if any files have been changed or added, and easily roll back to a good configuration.

Knowing that someone wants to read my configuration.php, is there anything else I should be doing to ensure they don't cause me issues, or to be aware quickly if anything goes awry?

JAVesey
Joomla! Hero
Posts: 2635
Joined: Tue May 14, 2013 1:21 pm
Location: Cardiff, Wales, UK

Re: Someone trying to read configuration.php

Post by JAVesey » Thu Apr 23, 2015 8:29 am

configuration.php sits in your Joomla root folder; all that will be happening is someone/something/somebot is scanning or looking for www.yourdomain.com/configuration.php and, of course, they will find it because it's there. It may be an automated web crawler or similar.

The key thing is to make sure that:

1. you "own" the file on the server
2. its CHMOD is set to 444 (although 644 is probably okay too!)

I wouldn't worry that an attempt to read the file has been made. I'd worry if they managed it, though. Do the above and it won't be read; an error message will be thrown.
John V
Cardiff, Wales, UK
Joomla 5.1.0 "live" site on PHP 8.2.15 and MariaDB 10.11.7
Joomla 5.1.0 on XAMMP for OSX with PHP 8.2.4 and MariaDB 10.4.28

leolam
Joomla! Master
Posts: 20652
Joined: Mon Aug 29, 2005 10:17 am
Location: Netherlands/ Germany/ S'pore/Bogor/ North America

Re: Someone trying to read configuration.php

Post by leolam » Thu Apr 23, 2015 4:16 pm

Agree with John for sure... It makes no sense to block IPs since they come in randomly (scripts). Today they seem to come from China and tomorrow from Germany or Ireland, so you cannot block the world...

Simply do not worry as John stated

Leo 8)
Joomla's #1 Professional Services Provider:
#Joomla Professional Support: https://gws-desk.com -
#Joomla Specialized Hosting Solutions: https://gws-host.com -

khorton
Joomla! Apprentice
Posts: 43
Joined: Thu Dec 25, 2014 12:18 am
Location: Moses Lake, WA, USA

Re: Someone trying to read configuration.php

Post by khorton » Thu Apr 23, 2015 5:56 pm

Thanks guys. I did confirm that I own configuration.php, and that its permissions are 444.

I'll look for something more productive to worry about.

JAVesey
Joomla! Hero
Posts: 2635
Joined: Tue May 14, 2013 1:21 pm
Location: Cardiff, Wales, UK

Re: Someone trying to read configuration.php

Post by JAVesey » Sun Apr 26, 2015 12:10 pm

khorton wrote: I'll look for something more productive to worry about.
:laugh:

Bernard T
Joomla! Guru
Posts: 782
Joined: Thu Jun 29, 2006 11:44 am
Location: Hrvatska

Re: Someone trying to read configuration.php

Post by Bernard T » Mon Apr 27, 2015 8:43 pm

1) upgrade your Joomla on a regular basis
2) upgrade your extensions on a regular basis, and check if any of your installed extensions is on the VEL list (vel.joomla.org)

Regarding the previous advice, for total clarity:
CHMODding config.php to a 444 mask will only disable editing of it (without changing the mask again). It's recommended, it's secure, but it does not prevent downloading the file if the HTTP server (e.g. Apache, Nginx...) is misconfigured or if, for example, attackers have managed to find a vulnerability to read files from your server (e.g. RFI).
VEL Team || Security Forum || PHP/Web Security Specialist || OWASP member
JAMSS author http://forum.joomla.org/viewtopic.php?f=621&t=777957
Twitter: @toplak
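
As an added example (not part of any post in this thread), the ownership and mode checks discussed above can be scripted. `audit_config` and its messages are hypothetical names, GNU `stat` is assumed, and the script inspects the filesystem only, so it says nothing about what the web server will serve.

```sh
#!/bin/sh
# Added example: audit owner and mode of a Joomla configuration.php.
# Assumes GNU stat (Linux). audit_config and its messages are illustrative.

audit_config() {
    file=$1
    want_uid=${2:-$(id -u)}          # numeric uid expected to own the file
    rc=0
    if [ ! -f "$file" ]; then
        echo "FAIL $file: not found"
        return 2
    fi
    mode=$(stat -c '%a' "$file")     # octal mode, e.g. 444
    uid=$(stat -c '%u' "$file")      # numeric owner

    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL owner uid $uid, expected $want_uid"
        rc=1
    fi
    # Group or other write bits: another account could rewrite the file.
    if [ $(( 0$mode & 0022 )) -ne 0 ]; then
        echo "FAIL mode $mode: writable by group or other"
        rc=1
    fi
    # Owner write bit (the 644 case): editable without a chmod first.
    if [ $(( 0$mode & 0200 )) -ne 0 ]; then
        echo "NOTE mode $mode: owner-writable; 444 blocks edits until the mode is changed"
    fi
    # Other-read bit: set in both 444 and 644.
    if [ $(( 0$mode & 0004 )) -ne 0 ]; then
        echo "NOTE mode $mode: readable by every local account; 0400 needs PHP to run as the owner"
    fi
    [ "$rc" -eq 0 ] && echo "OK mode $mode uid $uid"
    return "$rc"
}

# Demo on a constructed temporary file (not a real site config).
demo=$(mktemp)
chmod 644 "$demo"
audit_config "$demo"
rm -f "$demo"
```

On a real site, call it as `audit_config /path/to/joomla/configuration.php`, optionally passing the numeric uid of the account that should own the file.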

kandasmoolman51
Joomla! Intern
Posts: 67
Joined: Fri Sep 27, 2013 12:47 pm

Re: Someone trying to read configuration.php

Post by kandasmoolman51 » Thu Sep 17, 2015 9:00 am

I think the best setting for the config.php on the server is 0400.

Regards,

Bernard T
Joomla! Guru
Posts: 782
Joined: Thu Jun 29, 2006 11:44 am
Location: Hrvatska

Re: Someone trying to read configuration.php

Post by Bernard T » Thu Sep 17, 2015 10:06 am

kandasmoolman51 wrote: I think the best setting for the config.php on the server is 0400.
For an optimally configured server - yes.

