securing whmcs issues with writeable folders move

Discussion in 'Installation/Configuration' started by mikeonispconfig, Mar 24, 2016.

  1. mikeonispconfig

    mikeonispconfig New Member

    Hi all,
    First to explain what I'm trying to do:
    I've installed WHMCS and things are good, except that now I'm trying to 'secure the installation' via instructions:
    http:// docs.whmcs.com /Further_Security_Steps
    in particular the "Secure the Writeable Directories" heading...

    You wouldn't think it to be a problem, but no matter where I put the files outside of the public 'web' folder of the domain it won't work...
    existing full pathed folder is:
    /var/www/clients/client1/web1/web/whmcs/folder1
    /var/www/clients/client1/web1/web/whmcs/folder2
    /var/www/clients/client1/web1/web/whmcs/folder3
    and I'm trying to move it to:
    /var/www/clients/client1/web1/whmcs-writables/folder1
    /var/www/clients/client1/web1/whmcs-writables/folder2
    /var/www/clients/client1/web1/whmcs-writables/folder3
    ... of course the moving is easy and so is the permission change etc but when changing the necessary .php file I can't get the right path it seams... I've tried everything! I've even lost hair! ;)

    Can anyone help? Is there a default /home I could use like with cPanel or Plesk? Is this an ISPConfig 3 Panel specific setting/issue?
    Thanks all!
     
    Helwignhi446 likes this.
  2. mikeonispconfig

    mikeonispconfig New Member

    anyone?
    maybe i'm over complicating this.
    Basically I'm needing to know is:
    How do I tell the config.php file to look at a physical path lower than where it's running from? I've used full paths but it fails...
    the config file is here: /var/www/clients/client1/web1/web/whmcs/
    looking at a folder there called 'folder1'...
    I'd like the config file to look for that folder here: /var/www/clients/client1/web1/whmcs-writables/folder1

    Can this be done 'relatively'?
     
    Helwignhi446 likes this.
  3. mikeonispconfig

    mikeonispconfig New Member

    ok solved by finally finding a reference to a similar case on this forum... it's all in the search terms ;)
    Anyways, for reference:
    ::make sure that this path is included in the 'PHP open_basedir' path's under the website -> sites -> options page
    not sure if it's really more 'secure'.. but I bet it's better than default config...
    Thanks to all who read this...
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Public accessibpel files do into the /web folder of the site, private files that shall not be accessible go into the /private folder of the site. You can also create new folders in both directories were nescessary but dont create any folders in web1 directly.
     

Share This Page