unsecured logs/log.txt leaks data

  • Resolved eligijus

    (@eligijus)


    3 weeks ago

    Anyone can see logs. Add blocking rules

    # Deny access to all except a specific IP
    <IfModule mod_authz_core.c>
        Require all denied
        Require ip 192.168.1.100
    </IfModule>

    <IfModule !mod_authz_core.c>
        Order deny,allow
        Deny from all
        Allow from 192.168.1.100
    </IfModule>
Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author abdullah17

    (@abdullah17)

    Hello @eligijus,

    Can you please confirm that you are using the latest version of the plugin.

    As logs/log.txt is no longer available and we have already changed the method of viewing the plugin logs.

    Thanks
    Abdullah

    Thread Starter eligijus

    (@eligijus)

    Hello,
    yes, admins was using old version of plugin.
    Now I see use of randomness in logging function. Good.

    Still it is good practice to deny direct access to log files by default.

Viewing 2 replies - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.