Support

Admin Tools

#23353 Joom 3.4.3- Admin 3.6.1 - Do not see the .htaccess to change permission?

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by Chacapamac on Monday, 05 October 2015 07:33 CDT

Chacapamac
 Joom 3.4.3- Admin 3.6.1 -
In Admin Tools administration —> Permissions Configuration
I cannot see the .htaccess/.htpasswd files to change their permission?

nicholas
Akeeba Staff
Manager
All files whose name begins with a dot are hidden files, therefore not listed. You need to change their permissions using your hosting panel's file manager, selecting the option to display hidden files first.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Chacapamac
Was visible in older version of Admin ?

nicholas
Akeeba Staff
Manager
It shouldn't be. I've not touched the code that produces the file list at all in the last couple of years.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Chacapamac
Actually working in Admin 2.2.10 - Both site are with the same hosting firm but I’m not sure on the same server. I will take a look.

As you say, it’s maybe a server setting.

nicholas
Akeeba Staff
Manager
If dot files are visible in 2.2.10 then it was a bug. They were not supposed to be displayed.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Chacapamac
Ok , but can htaccess can be hacked also ? - Changing their permissions is probably important?

nicholas
Akeeba Staff
Manager
REMOVING WRITE PERMISSIONS FROM A FILE ON YOUR SITE DOES NOT INCREASE YOUR SITE'S SECURITY. If someone has the ability to write arbitrary files to your site they can easily change the permissions of a file and write over it. The ONLY protection given to you by changing permissions is removing world-writeable permissions from all files/folders. This prevents other users (i.e. other sites) on the same server from writing or modifying files and folders on your account.

The default permissions of .htaccess files (0644) already prevent that. If someone can write to your .htaccess file then they are running as your site account's user. In this case you are already hacked. Permissions won't protect you and the web application firewall won't protect you: the attacker has access to your server, writing files as if they were you.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Chacapamac
I see — Good to learn - Thank Closed

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!