Support

Admin Tools

#14451 .htaccess

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by nicholas on Friday, 21 December 2012 02:33 CST

Thursday, 20 December 2012 09:06 CST

anandmahey

Mandatory information about my setup:

Have I read the related troubleshooter articles above before posting (which pages?)? No
Have I searched the tickets before posting? No
Have I read the documentation before posting (which pages?)? No
Joomla! version: (unknown)
PHP version: (unknown)
MySQL version: (unknown)
Host: (optional, but it helps us help you)
Admin Tools version: (unknown)

Description of my issue:

I'm a complete novice with Joomla and web building. As such, I'm not sure if the .htaccess created by Admin Tools requires the following to be added. Please advise:

Β 

IndexIgnore *
Options -Indexes

ServerSignature Off

<Files .htaccess>
order allow,deny
deny from all
</Files>

<FilesMatch "configuration.php">
Order allow,deny
Deny from all
</FilesMatch>

Β 

I'm sure the .htaccess by Admin Tools .htaccess maker is thorough, but any other suggestions to make it even more secure will be much appreciated. I ran joomscan on my own site, and found:

# 1
Info -> Generic: htaccess.txt has not been renamed.
Versions Affected: Any
Check: /htaccess.txt
Exploit: Generic defenses implemented in .htaccess are not available, so exploiting is more likely to succeed.
Vulnerable? Yes

Β 

And I deleted htaccess.txt.....thats the first thing i did after using .htaccess maker.

Β 

Thursday, 20 December 2012 10:02 CST

nicholas

You don't to add any of that. Admin Tools' .htaccess Maker takes care of the issues these snippets of .htaccess code try to address. The only it doesn't do is the ServerSignature Off. You have to ask your host if you can add this to your site's .htaccess.

Regarding joomscan's result, it is totally inaccurate. It merely checks if the htaccess.txt file is removed. It doesn't check if you have a .htaccess file or what it contains. The wording is misleading.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Thursday, 20 December 2012 21:11 CST

anandmahey

Hi Nicholas, thats wonderful. I'll check with my host about adding ServerSignature Off.

I would like to say that Admin Tools is a wonderful addition to Joomla. I love it! And i'd like to commend you on a job well done with Admin Tools, and your speedy precise and concise answers :)

Friday, 21 December 2012 02:33 CST

nicholas

Thank you very much for your kind words!

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!