LinkBack URL
About LinkBacks
phpbb autoinstallation security problem
Hello,
the autoinstallation of phpbb 2.0.2 with cpanel has a security problem , in fact at the end of installation it mantains following
files and dir
update_to_202.php
upgrade.php
install.php
contribs directory
In fact the installation manual report this ;
========================
8. Important (security related) post-Install tasks for all installation methods
Once you have succssfully installed phpBB 2.0.2 you MUST ensure you remove install.php, upgrade.php and update_to_202.php files. Leaving these in place is a [b:0617a44257]very serious potential security issue[/b:0617a44257] which may lead to deletion or alteration of files, etc. [b:0617a44257]Additionally you MUST remove the contrib directory once you have utilised any files it contains[/b:0617a44257]. This directory may include files which though very useful, could compromise your board or account. Beyond these essential deletions you may also wish to delete the db/schemas and docs/ directories if you wish.
With these files deleted you should proceed to the administration panel. Depending on how the installation completed you may have been directed there automatically. If not, login as the administrator you specified during install/upgrade and click the &Administration Panel& link at the bottom of any page. Ensure that details specified in General -& Configuration are correct!
========================
Another good idea should be to provide 2.0.3 instead of 2.0.2 since it fixes some security problem on 2.0.2 .
Thank you
Reply With Quote
