Linking config.php

Nuke Soldier Joined: Feb 18, 2003 Posts: 14

A little while ago I read something about moving the config.php file to a different folder, and linking to it as a security measure.

Unfortunately, I can't remember the exact details about how to do it.

Any ideas about this ? Would it be worth doing it for nuke 6 ?

Joined: Jan 31, 2004 Posts: -88

there's no point.

There's a little bit of code in the file that says basically "If you access this file directly, re-direct you to the index.php file"

so it can't be deleted or viewed directly.

That post has come up a couple of times. Once by FB when he was panacking about security, and once by somebody else (can't remember who)

AI

Nuke Soldier Joined: Feb 18, 2003 Posts: 14

Thanks AI.

Another thing I forgot to ask about that file in my previous post; something to do with changing the chmod on it after the install, but I can't remember to what. ??

Joined: Jan 31, 2004 Posts: -88

actually, u can leave the chmod alone now. Nuke 5.5 and 5.6 stored the site settings in config.php not the database, so they needed to be able to write to the config.php file. You don't any more, so it can stay as is.

AI

Nuke Soldier Joined: Feb 18, 2003 Posts: 14

Just to be sure, what chmod shoud it be ?

[ edit ]

Also, I read a bunch of threads here about posters' sites getting hacked.
What are they doing wrong ? or not doing right?
Are they using older, less secure version of nuke?

Joined: Jan 31, 2004 Posts: -88

chmod 644

other sites that were getting hacked were probably a pre-fix pack 3 version of nuke which still had the news exploit in it.

AI

Nuke Soldier Joined: Feb 18, 2003 Posts: 14

Thanks for the help AI.

That was excellent info.