The Joomla! Forum ™



PostPosted: Fri Sep 05, 2008 8:11 pm 
Joomla! Apprentice

Joined: Tue Jul 15, 2008 7:25 pm
Posts: 43
I have no desire to get hacked!

Where should I move my configuration file to? I understand that all these forums say outside the public_html folder, but does that mean anywhere? Is there a better location for it? And I think I have to rename it or something. Can someone give me a good explanation of how this works?

If I move this file and I need to edit it, how will the paths that use it know where it is? Do I change the permissions of this file?

Any advice would be helpful.

Yes I understand that there are lots of other security steps to take. I just want to take one confusing step at a time.

Cheers


PostPosted: Sat Sep 06, 2008 10:43 pm 
Joomla! Enthusiast

Joined: Wed Dec 05, 2007 3:24 am
Posts: 143
Location: Fernandina Beach, Florida.
Hello there,

Well, you can actually move your configuration.php file to anywhere you want, you can even put it on your own computer at home BUT, THAT WILL MAKE YOUR SITE USELESS!!

You NEED to leave the configuration.php file where it is, do not move it, do not rename it.
This file is required by Joomla 100% of the time.

_________________
If it has buttons, I want to play with it...


PostPosted: Tue Sep 09, 2008 5:13 pm 
Joomla! Apprentice

Joined: Tue Jul 15, 2008 7:25 pm
Posts: 43
This is straight out of the Joomla Administrators Security Checklist. Have you read this? Is this the wrong thing to do? Now I'm really confused. Am I thinking about the wrong file?


Protect directories and files

Increase the security of the critical configuration.php file by moving it outside of the public_html directory.

Ensure that all configurable paths to writable or uploadable directories (document repositories, image galleries, caches) are outside of public_html. Check third party extensions such as DOCMan and Gallery2 for editable paths to writable directories. There is currently no easy way to move the Joomla! /image and /media directories. The best plan is to make sure open_basedir is properly set for all the user accounts on your server. Check with your host if unsure.


PostPosted: Fri Sep 19, 2008 9:35 am 
Joomla! Intern

Joined: Tue Jul 17, 2007 8:13 am
Posts: 80
Yes, Garza is wrong on this... I'm trying to figure it out myself.... found this but seems pretty old not sure if it's for 1.5:


One challenge in Joomla! is ensuring that certain PHP files in public_html containing executable code or confidential data are protected from direct Internet access.

There are various ways to protect such files, but most are not optimal. Many users and developer groups, such as Gallery2 and Apache.org strongly recommend against keeping vulnerable files and confidential data inside public_html. The following method seems to be the simplest and most elegant way to protect read-only files that for whatever reason must be stored in public_html. In this example, we protect configuration.php, perhaps the most confidential file of any Joomla! site.

Directions

1. Move configuration.php to a safe directory outside of public_html and rename it whatever you want. We use the name joomla.conf in this example.

2. Create a new configuration.php file containing only the following code:

Code:
<?php
require( dirname( __FILE__ ) . '/../joomla.conf' );
?>



Do not include blank lines above the php start tag "<?php". Such blank lines will trigger the infamous "headers already sent" error, e.g.:

Code:
Warning: Cannot modify header information - headers already sent by (output started at /home/xxxxx/public_html/configuration.php:2) in /home/xxxxx/public_html/index.php on line 250




3. Make sure this new configuration.php is not writable at all, so that it can not be overridden by com_config.

4. If you need to change configuration settings, do it manually in the relocated joomla.conf.

Note: Using this method, even if the Web server somehow delivers the contents of PHP files, for example due to a misconfiguration, nobody can see the contents of the real configuration file.
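
The directions quoted above, carried out and then checked from a shell, as an added example that is not part of the original thread or of the Joomla! documentation. It assumes shell access to the host and a web root whose parent directory is writable; joomla.conf is the name used in the quoted directions, and the sample site built in demo() is constructed.

```shell
#!/bin/sh
# Added example, not from the thread. joomla.conf is the name used in the quoted
# directions; the sample site built in demo() is constructed.
CONF_NAME="joomla.conf"

# Steps 1-3: move the real file one level above WEBROOT, write the stub, lock it.
relocate_config() {
    webroot=$1; parent=$(dirname "$webroot")
    [ -f "$webroot/configuration.php" ] || return 1
    [ ! -e "$parent/$CONF_NAME" ] || return 1      # never overwrite an existing file
    mv "$webroot/configuration.php" "$parent/$CONF_NAME" || return 1
    printf '%s\n' '<?php' "require( dirname( __FILE__ ) . '/../$CONF_NAME' );" '?>' \
        > "$webroot/configuration.php" || return 1
    chmod 444 "$webroot/configuration.php"
}

# Prints one finding per line; returns 0 only when the layout matches the directions.
audit_config() {
    webroot=$1; stub="$webroot/configuration.php"; bad=0
    if [ "$(head -c 5 "$stub" 2>/dev/null)" != '<?php' ]; then
        echo "stub does not start with <?php (headers already sent risk)"; bad=1
    fi
    if grep -qi 'password' "$stub" 2>/dev/null; then
        echo "stub still contains credentials"; bad=1
    fi
    # Test mode bits rather than [ -w ], which is always true for root.
    if [ -n "$(find "$stub" \( -perm -200 -o -perm -020 -o -perm -002 \) 2>/dev/null)" ]; then
        echo "stub is writable, com_config could overwrite it"; bad=1
    fi
    if [ ! -f "$(dirname "$webroot")/$CONF_NAME" ]; then
        echo "relocated $CONF_NAME not found above the web root"; bad=1
    fi
    return "$bad"
}

demo() {
    site=$(mktemp -d) && mkdir "$site/public_html" || return 1
    printf '%s\n' '<?php' 'class JConfig { var $password = "constructed"; }' \
        > "$site/public_html/configuration.php"
    audit_config "$site/public_html" || true     # before: reports findings
    relocate_config "$site/public_html" && audit_config "$site/public_html" && echo "clean"
    rm -rf "$site"
}
demo
```

The relocated file keeps whatever permissions it had before the move, so the account PHP runs under can still read it.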


PostPosted: Fri Sep 19, 2008 2:28 pm 
Joomla! Enthusiast

Joined: Wed Dec 05, 2007 3:24 am
Posts: 143
Location: Fernandina Beach, Florida.
Interesting...

I guess I have missed some of the news!

_________________
If it has buttons, I want to play with it...


PostPosted: Tue Nov 24, 2009 12:03 am 
Joomla! Apprentice

Joined: Thu Sep 08, 2005 3:10 pm
Posts: 23
I moved my configuration file and cannot remember where I put it! Can someone give me some advice as to how I can find it?


PostPosted: Fri Nov 18, 2011 11:30 pm 
Joomla! Apprentice

Joined: Tue Sep 13, 2011 8:14 am
Posts: 11
Refer to this page for instructions on moving sensitive files like configuration.php.

http://docs.joomla.org/Moving_sensitive ... e_web_root


PostPosted: Mon Mar 19, 2012 3:00 am 
Joomla! Explorer

Joined: Mon Mar 09, 2009 9:54 am
Posts: 459
Location: Dallas, TX
You don't need to move it anywhere else.

Just make sure that you changed it to 444, and then if you want to really seriously protect your Joomla site, buy this extension.

http://extensions.joomla.org/extensions ... tools/7032

All my Joomla Sites are protected by that tool and sites have never been hacked.

Yes I have been hacked in the past but after that tool it never happened again.

_________________
http://cmsteachings.com - Joomla Tips & Tutorials
http://ubrainmedia.com - My Joomla Company
My Joomla Advice is my personal experience. It does not mean I am right or wrong. It just means that I work with Joomla in my own way and it works for me.


PostPosted: Mon Mar 19, 2012 9:38 am 
Joomla! Master

Joined: Mon Mar 20, 2006 1:56 am
Posts: 12392
Location: The Girly Side of Joomla in Sussex
Moderator's note:
"Moving the configuration.php from the root of your Joomla installation as described in the procedures below makes no sense at all if your website or server is insufficiently protected. Moving the file only prevents the viewing of the Joomla configuration file by the casual observer. It offers no protection if root access can be gained to your domain in some fashion, nor does it prevent root access to your domain that is the result of security compromises in Joomla, from 3rd party extensions, or similar insecurities from access gained through badly configured/protected remote or local servers."


topic locked

_________________
HU2HY- Poor questions = Poor answer
Unrequested Help PMs will be added to the foe list and possibly just deleted
{Community.Connect Administrator }{ Showcase & Security Moderator}

