Protecting Files

From TNG_Wiki
Jump to: navigation, search


Files to delete after installation

The following files must be deleted for security reasons after the installation.

  • readme.html
  • ajx_tnginstall.php
  • appendix.html
  • whatsnew.txt

The "whatsnew.txt" file can be used to display additional content in Whatsnew.php. Delete only when not in use.

These deletions prevent damage to the TNG installation in the unlikely event that unauthorized persons gain access to the installation directory.

Rename log files

Standard log files

In the unlikely event that unauthorized persons gain access to the TNG installation directory, we recommend the standard log files to rename:

  • genlog.txt
  • adminlog.txt
  • modmgrlog.txt

The contents of both standard log files are only authenticated users (eg admin, editor.) Appears:

  • genlog.txt - logs accesses registered visitors and possibly access from (spam) bots
The Admin >> under Info Access Log displays
  • adminlog.txt - logs the Admin Actions
the admin under "history of changes" in the Admin header appears.

Standard log files rename

Open Admin >> Settings >> Configuration >> logging settings.

  • Change the file name of both log files.
  • Set the number of lines for public log file that under Info >> log of accesses is displayed.

Customized Logs Mod

Install the "Customized Logs": TIP http://tng.lythgoes.net/wiki/index.php?title=Customized_Logs_Mod to get as admin to create two additional logs and under Info >> Access Log displayed (this file name can not be changed).

  • botgenlog.txt - logs bot hits
  • userlog.txt - logs accesses undeclared visitors

Protect Log files with .htaccess

Please add the following in .htaccess file a ... ... to protect a single .txt file:


<Files adminlog.txt>
order allow,deny
deny from all
</Files>


<Files genlog.txt>
order allow,deny
deny from all
</Files>

OR ... to both .txt files to protect (and thus the license.txt reached remains ...)

<Files adminlog.txt>
order allow,deny
deny from all
</Files>
<Files genlog.txt>
order allow,deny
deny from all
</Files>

TIP: Protect botgenlog.txt the files and userlog.txt in the same way, if MOD "Customized Logs" is installed.

Further information on .htaccess file: http://www.htpasswdgenerator.com/apache/htaccess.html#7

Related Links

Protecting access log