Protecting Files
Files to delete after installation
The following files must be deleted for security reasons after the installation.
- readme.html
- ajx_tnginstall.php
- appendix.html
- whatsnew.txt
The "whatsnew.txt" file can be used to display additional content in Whatsnew.php. Delete only when not in use.
These deletions prevent damage to the TNG installation in the unlikely event that unauthorized persons gain access to the installation directory.
Rename log files
Standard log files
In the unlikely event that unauthorized persons gain access to the TNG installation directory, we recommend the standard log files to rename:
- genlog.txt
- adminlog.txt
- modmgrlog.txt
The contents of both standard log files are only authenticated users (eg admin, editor.) Appears:
- genlog.txt - logs accesses registered visitors and possibly access from (spam) bots
- The Admin >> under Info Access Log displays
- adminlog.txt - logs the Admin Actions
- the admin under "history of changes" in the Admin header appears.
Standard log files rename
Open Admin >> Settings >> Configuration >> logging settings.
- Change the file name of both log files.
- Set the number of lines for public log file that under Info >> log of accesses is displayed.
Customized Logs Mod
Install the "Customized Logs": TIP http://tng.lythgoes.net/wiki/index.php?title=Customized_Logs_Mod to get as admin to create two additional logs and under Info >> Access Log displayed (this file name can not be changed).
- botgenlog.txt - logs bot hits
- userlog.txt - logs accesses undeclared visitors
Protect Log files with .htaccess
Please add the following in .htaccess file a ... ... to protect a single .txt file:
<Files adminlog.txt>
order allow,deny
deny from all
</Files>
<Files genlog.txt>
order allow,deny
deny from all
</Files>
OR ... to both .txt files to protect (and thus the license.txt reached remains ...)
<Files adminlog.txt>
order allow,deny
deny from all
</Files>
<Files genlog.txt>
order allow,deny
deny from all
</Files>
TIP: Protect botgenlog.txt the files and userlog.txt in the same way, if MOD "Customized Logs" is installed.
Further information on .htaccess file: http://www.htpasswdgenerator.com/apache/htaccess.html#7