Tutorial

Ok folks here is another one I recently thought of that nobody should be allowed to view. To see if might affect you or your site enter the following into your web browser:

http://www.yoursite.com/periodic/periodic.file

Now ideally you want to see a 403 error "Forbidden" You don't have permission to access /periodic/periodic.file on this server or similar.

If you see:
MAILTO=youremail@yoursite.com
0 0 * * *  /usr/local/bin/php -q /home/youraccount/public_html/periodic/cmd.php
*/10 * * * *  /usr/local/bin/php -q /home/youraccount/public_html/periodic/notifies.php
* */1 * * *  /usr/local/bin/php -q /home/youraccount/public_html/periodic/cupid.php

Which are your crons you were told to setup during Dolphin installation this is not totally bad, but you are letting the entire internet world see more than they need.

In those crons you will see the path to cmd.php, notifies.php, and cupid.php for example. But before that depending on your hosts setup we see our account name. In the above example I used youraccount. You will most likely see your actual account.

What this is giving someone is your actual login name to your hosting account. Now all they need to figure out is your password. Which they may never figure out, but why give them a free shot at your login name.

This same info in the case above youraccount is often what would be used as your database name and user. In the case of the ever popular cpanel control panel it would be youraccount_yourdatabase. This is still going to be really difficult to figure out, but again don't put any more info out there than need be.

This file can easily be hidden by adding this to your main .htaccess (yoursite.com/.htaccess) or periodic/.htaccess (yoursite.com/periodic/.htaccess)

<Files periodic.file>
deny from all
</Files>


Near the bottom of .htaccess is usually sufficient.

Save and/or re-upload the .htaccess file.

Now go back to or refresh the page:
http://www.yoursite.com/periodic/periodic.file

And you should get a 403 error and you are no longer allowed to view the file directly.

Am looking into a couple of other files I am a little concerned with. I'll add them or update when I get a chance to look over them more.

 
Written By
Tutorial by: Jeremy LeSarge (AKA Ray)

I am the owner and administrator of DialMe.com. I write Tutorials for Boonex Dolphin as well as tips and resources surrounding website programming and development. I enjoy working with WordPress, SEO, and Web Hosting / Servers. I also maintain a WordPress Blog here on this site where you will find a variety of technology and webmaster resources.

Actions
Sponsored Links
Recommend