Locking your site settings

[757jterrell]

Hello all,

There is a very simple way to lock your site settings to prevent possible hackers that get into your site from actually changing your site settings (i.e. your payment address, email settings, click rates, payout amounts, etc).

Once you have all your site settings the way you want them, go to this file and set the permissions to 0644. This will completely lock the site settings so that they can not be changed.

includes/settings.php

Now, if you later decide to change one or more of your settings, you will need to go back into your cpanel and change the permission to 0777, change the setting, and then change the permission for this file back to 0644. This is a nice preventive measure.

[Addons]

Great Option to prevent from cheater

[bprasetio]

its more complicated when Daily Click Bonus is activated.

when daily click bonus feature is active, the cron job will update the setting file, this may lead a failed update when the given permission is not 777. But in other hand, leave it to 777 is not good practice.

change the permission manually is also a pain.

So any suggestions?

[757jterrell]

no not yet

[bprasetio]

its more complicated when Daily Click Bonus is activated.

when daily click bonus feature is active, the cron job will update the setting file, this may lead a failed update when the given permission is not 777. But in other hand, leave it to 777 is not good practice.

change the permission manually is also a pain.

So any suggestions?

I made fix on my way, I separated the related click bonus settings to other file and merge it when load setting function is loaded.

so its a middle way between security and functionality, although the click bonus setting file permission set to 666 or 777.

I also have tried to save it directly to DB, but seems more complicated code in order to work properly.

[Arbolus]

Great preventive fix 

[WebSuccess4You]

    Thank you. I just checked finally and everything was 0644 .
However, how do you actually do the writing when you change code in one of those files, for instance.
What I did for the Home.php  is to save it my website name folder on my laptop and then upload it
to my PTC-PTR directory in my major website and look at it from there. Host4Profit uses a WebePanel
which is much easier than a CPanel to negotiate. Then I would upload the changed code to a slightly
differently named file and see what it looks like.

[757jterrell]

I usually almost always code on the cpanel itself, I just find it easier that way.

[johnlennon9687]

nice tip

[757jterrell]

This is probably one of the most important things you can do to protect your site when you begin, that and making sure the config.php file has permission 0644 also.