Log is public readable

**volschin** · 06-28-2009 06:58 AM

Normally Joomla seem to write logs as php to restrict access to them. The plugin generates a log with .log extension meaning not being parsed as php.
So the log can be read by anyone with direct input of the URL.

I think this should be changed to httpbl.php to be secure.

**michiel_1981** · 06-28-2009 10:51 AM

Thank you for reporting this, i will release a new version asap.

kind regards,
Michiel

**michiel_1981** · 06-28-2009 12:26 PM

released version 1.9, fixes this issue.

kind regards,
Michiel

**volschin** · 07-05-2009 02:55 PM

Thanks for the fast fix. It works fine.

**orasis** · 03-27-2010 01:42 AM

Hi I use the plg_httpbl_latest which is version 1.10 for Joomla! 1.5.15 Native, and when accessing www.mydomain.com/logs/httpbl.php I can see it from public without any restriction on any browser..

how about that ?

**divesport** · 04-05-2010 08:07 AM

Originally Posted by orasis

... when accessing www.mydomain.com/logs/httpbl.php I can see it from public without any restriction on any browser..

If you're running Apache, you can block access to the entire logs directory. Put a .htaccess file in this logs directory with the following contents:

Code:

order deny,allow
deny from all

How about that?

**orasis** · 04-05-2010 02:29 PM

I've just password protected the dir already
thanks for the reply

**allengreg512** · 05-02-2010 02:27 AM

Log is public readable
you can hide/unhide it from administrator control panel of the niche.
it is found under settings..

Regards & Thanks
tuinhuis

**mallanna142** · 07-28-2010 09:11 AM

Hi

Thank you for reporting this, i will release a new version asap.

kind regards,

phe9oxis

Thread: Log is public readable

Thread Tools

Log is public readable

Re: Log is public readable

Re: Log is public readable

Re: Log is public readable

Re: Log is public readable

Re: Log is public readable

Re: Log is public readable

Re: Log is public readable

Re: Log is public readable

Posting Permissions