To post a new support question, click the Post New Topic button below.
Current Version: 4.8.5 | Sytist Manual | Common  Issues | Feature Requests

Please log in or Create an account to post or reply to topics.
You will still receive notifications of replies to topics you are part of even if you do not subscribe to new topic emails.

Htaccess And The Admin Directory

12 posts
Sat Nov 18, 23 3:37 PM CST

I just thought everyone using this software should be aware of the following as it has made me crazy for some time and today after moving a sytist site to a new hosting server I found the culprit making me crazy...it's name was Sytist! LOL

For over a year now I have noticed that at seemingly random times the directory protection files I placed in the admin folder were missing.  This is the standard directory protection of restricting access by IP or by password within an htaccess file. I don't run any web site with an admin folder without this applied. I have been very, very concerned that somehow someone was getting in to the hosting acct and removing it, yet nothing else ever disturbed or changed. I only noticed this in the last year or so.

Imagine my surprise today while I examined the backup folder sytist makes when it updates and find the missing htaccess file in there, after discovering it was gone from the sy admin directory and yet just 30 mins before it was there when I logged in and updated to 4.6.1 after moving the site over!

The light bulb went off as to what was going on at that moment - no hacking on the old host acct, just sytist removing it and since I am just the webmaster and only login to check for updates or when the owner has issues it wasn't a constant thing - it only happened after updates I see now when I review my notes.

There must be a fix to this, Tim can you adjust your update script to put any .htaccess and .httpswd files back (if exists) or to leave them alone during updates? Better yet make it a feature with Sytist to protect the admin folders this way for everyone because you can never have enough security to keep the relentless potential hackers at bay.

454 posts
Sat Nov 18, 23 3:52 PM CST

I have never had an issue with backup's or updates, no files have ever gone missing or bad. This would be host related. And i am running two sytist installations on the same server, no issues.

Edited Sat Nov 18, 23 3:54 PM by Vance Birno
454 posts
Sun Nov 19, 23 12:34 PM CST
T
357 posts
Mon Nov 20, 23 11:59 AM CST

I wasn't aware that Sytist would work behind a .htaccess protected folder.  

Interested to find Tim's opinion on this topic.

12 posts
Tue Nov 21, 23 6:51 AM CST
Vance Birno wrote:

renaming your admin folder https://www.picturespro.com/sytist-manual/installa...

Of course, and that is security by obscurity and that equals no security at all bud.

Spend some time going through the server logs to realize how much more sophisticated hacking is today, they certainly aren't stupid and they know what to look for.

I assure you this is not a host issue, lol. It is the installation script scooping the admin file contents as a backup.

12 posts
Tue Nov 21, 23 6:54 AM CST
Trailboy wrote:

I wasn't aware that Sytist would work behind a .htaccess protected folder.  

Interested to find Tim's opinion on this topic.

I've been working with this software since 2013, before Sytist it was Photocart.  There was some grief getting it to work with Photocart I recall, but no problem with Sytist.

6 total messages
Please log in or Create an account to post or reply to topics.
This post has been viewed 172 times
Category: Installation
 
Loading more pages
Loading more pages

Sign up for email promotions.

Your information is safe with us and won't be shared.

Thank you for signing up!

 
©2003 - 2021 Grissett, LLC. All Rights Reserved.

By continuing to browse or by clicking Accept Cookies, you agree to the storing of cookies on your device necessary to provide you with the services available through our website.

    Accept   Privacy & Cookie Policy
Loading More Photos
Scroll To Top
Close Window
Loading
Close