Should any of these files be removed? Topic is solved
-
- Joomla! Enthusiast
- Posts: 183
- Joined: Wed Jul 08, 2015 5:50 pm
- Location: Richardson, TX
- Contact:
Should any of these files be removed?
All of these files are in the root directory of our Joomla installation. Can any of these files be removed without affecting the functionality of Joomla? I understand why .htaccess is there, but some of the others are worrisome. phpinfo.php, for example, will divulge a tremendous amount of useful information to a hacker. (I've changed its permissions to 000 as well as the phpunit.xml.dist, web.config.txt, and README.txt files.)
Are the two composer files being used? What about karma.conf.js?
I don't like the idea of exposing, unnecessarily, useful information for hackers.
.htaccess
appveyor-phpunit.xml
build.xml
composer.json
composer.lock
configuration.php
error_log
htaccess.txt
index.htm
index.html
index.php
karma.conf.js
LICENSE.txt
phpinfo.php
phpunit.xml.dist
README.txt
robots.txt
robots.txt.dist
web.config.txt
Technical contact for Vietnam Veterans for Factual History
Paul Schmehl [email protected]
- Per Yngve Berg
- Joomla! Master
- Posts: 31056
- Joined: Mon Oct 27, 2008 9:27 pm
- Location: Romerike, Norway
Re: Should any of these files be removed?
The files needed to run Joomla are: configuration.php, index.php, .htaccess and robots.txt.
Files such as phpinfo.php do not come from Joomla.
-
- I've been banned!
- Posts: 13639
- Joined: Sun Jul 05, 2009 3:30 am
- Location: Canberra, Australia
Re: Should any of these files be removed?
The following is a list of files created with a new installation of J!
- configuration.php
- htaccess.txt
- index.php
- LICENSE.txt
- README.txt
- robots.txt
- robots.txt.dist
- web.config.txt
As a minimum you need the two files configuration.php and index.php; a J! website cannot work without these. Depending on whether you use URL rewriting (with SEF URLs) or if you locate your J! website in a sub-folder of another J! website, you may also require the file .htaccess or web.config (depending on the server software you're using); see https://docs.joomla.org/Preconfigured_htaccess.
I would not think about deleting the files listed above. The other files mentioned in the opening post are unnecessary for J!.
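Added example, not part of the thread or of Joomla: a shell function that sorts the top-level files of a web root into the stock list given in the post above and everything else, and marks extra PHP files that call phpinfo(). The function names, the output labels and the phpinfo() pattern match are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example: audit the top-level files of a Joomla web root.
# STOCK   = in the new-installation list from the post above, or
#           .htaccess / web.config (needed on some servers per the post)
# EXTRA   = anything else; the thread calls these unnecessary for Joomla
# PHPINFO = an EXTRA .php file that calls phpinfo() (discloses server config)

STOCK_FILES="configuration.php htaccess.txt index.php LICENSE.txt README.txt
robots.txt robots.txt.dist web.config.txt .htaccess web.config"

# Exact-name comparison, so odd file names cannot match by substring.
is_stock() {
    local candidate
    for candidate in $STOCK_FILES; do
        if [ "$candidate" = "$1" ]; then return 0; fi
    done
    return 1
}

audit_joomla_root() {
    local root="$1" path name kind
    if [ ! -d "$root" ]; then
        echo "not a directory: $root" >&2
        return 2
    fi
    # Second glob picks up dotfiles such as .htaccess.
    for path in "$root"/* "$root"/.[!.]*; do
        [ -f "$path" ] || continue   # skip directories and unmatched globs
        name=${path##*/}
        kind=EXTRA
        if is_stock "$name"; then
            kind=STOCK
        elif [ "${name##*.}" = php ] &&
             grep -qi 'phpinfo[[:space:]]*(' "$path" 2>/dev/null; then
            kind=PHPINFO
        fi
        printf '%s %s\n' "$kind" "$name"
    done | LC_ALL=C sort
}

# Usage: ./audit.sh /path/to/joomla/root
if [ "$#" -gt 0 ]; then
    audit_joomla_root "$1"
fi
```

Lines marked EXTRA or PHPINFO are candidates for review and removal; the script only reports and changes nothing on disk.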
-
- Joomla! Enthusiast
- Posts: 183
- Joined: Wed Jul 08, 2015 5:50 pm
- Location: Richardson, TX
- Contact:
Re: Should any of these files be removed?
Thank you.
Technical contact for Vietnam Veterans for Factual History
Paul Schmehl [email protected]
- AMurray
- Joomla! Exemplar
- Posts: 9859
- Joined: Sat Feb 13, 2010 7:35 am
- Location: Australia
Re: Should any of these files be removed?
I would suggest subscribing to mysites.guru. It has a function to identify those sorts of files as you ask about and a handy utility to remove them because, as mentioned, they will be replaced any time you update Joomla. (Just one of the many dozen useful features of mysites.guru, not counting its primary function of security auditing). Just mentioning this as a satisfied customer of this service, no affiliation.
Regards - A Murray
General Support Moderator
-
- Joomla! Enthusiast
- Posts: 183
- Joined: Wed Jul 08, 2015 5:50 pm
- Location: Richardson, TX
- Contact:
Re: Should any of these files be removed?
AMurray wrote: ↑Sat Aug 20, 2022 10:54 pm
I would suggest subscribing to mysites.guru. It has a function to identify those sorts of files as you ask about and a handy utility to remove them because, as mentioned, they will be replaced any time you update Joomla. (Just one of the many dozen useful features of mysites.guru, not counting its primary function of security auditing). Just mentioning this as a satisfied customer of this service, no affiliation.

I will check it out.
Technical contact for Vietnam Veterans for Factual History
Paul Schmehl [email protected]
- Webdongle
- Joomla! Master
- Posts: 44144
- Joined: Sat Apr 05, 2008 9:58 pm
Re: Should any of these files be removed?
phpinfo.php definitely should NOT be in the root!!! Consider the possibility that you have been hacked.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".
- AMurray
- Joomla! Exemplar
- Posts: 9859
- Joined: Sat Feb 13, 2010 7:35 am
- Location: Australia
Re: Should any of these files be removed?
I should correct myself - and mention that the files you were asking about are 'flagged' as part of the full, or snapshot audit scan, it's not a separate utility.
Regards - A Murray
General Support Moderator
- Per Yngve Berg
- Joomla! Master
- Posts: 31056
- Joined: Mon Oct 27, 2008 9:27 pm
- Location: Romerike, Norway
Re: Should any of these files be removed?
phpinfo.php was probably left by the person who installed and forgot to remove it.
- leolam
- Joomla! Master
- Posts: 20652
- Joined: Mon Aug 29, 2005 10:17 am
- Location: Netherlands/ Germany/ S'pore/Bogor/ North America
- Contact:
Re: Should any of these files be removed?
This is very often installed by a hosting company to review the site's PHP-info which does not need to reflect the server PHP. It is not a direct threat but should be removed. We have never seen this in an actual hacked site.
Leo
Joomla's #1 Professional Services Provider:
#Joomla Professional Support: https://gws-desk.com -
#Joomla Specialized Hosting Solutions: https://gws-host.com -
-
- Joomla! Apprentice
- Posts: 26
- Joined: Sat Jun 24, 2023 4:04 am
- Contact:
Re: Should any of these files be removed?
I have seen a hacker gain access through phpinfo.php. I've only seen it once, and I'm not sure if they had a backdoor into the web developer's company, but it definitely provided a backdoor to the hacker.
- Per Yngve Berg
- Joomla! Master
- Posts: 31056
- Joined: Mon Oct 27, 2008 9:27 pm
- Location: Romerike, Norway
Re: Should any of these files be removed?
phpinfo itself does not give anyone access to the server, but it can give valuable info to the hacker on how to get access.