wheatblog-users — official mailing list for users of wheatblog app

[Wheatblog-users] Securing Wheatblog 1.x

[James M. <wh...@wh...>]

All,

We've had some attempts to remotely load certain sensitive files in the
Wheatblog (wB) application.  See the following news item for details on how
you can secure your install until we release a new version with increased
security:

http://sourceforge.net/forum/forum.php?forum_id=602189

I'll paste the text in here, for your convenience:

Those of you running Wheatblog (wB) 1.0 or 1.1 on Apache servers should
> consider using .htaccess files to add additional security to your wB install
> until we can release a new version of the application which addresses recent
> security concerns.
>
> In the "admin", "includes", and "classes" directories, create a text file
> called ".htaccess" (or edit the existing one, if there is one) and add the
> following directive:
>
> <Files ~ ".php$">
> Order allow,deny
> Deny from all
> </Files>
>
> Additionally, you should add these lines to whatever directory contains
> your "settings.php" file:
>
> <Files "settings.php">
> Order allow,deny
> Deny from all
> </Files>
>
> The wB development team is working on a new release with enhanced security
> features which will be released as soon as possible. Until then, these steps
> will prevent sensitive files from being loaded remotely.
>
> More information on .htaccess can be found here:
>
> http://en.wikipedia.org/wiki/Htaccess
>

Sincerely,

James Martin
Wheatblog project admin

-- 
wheatdesign.com

[Wheatblog-users] welcome

[James M. <whe...@gm...>]

Everyone,

Welcome to the wheatblog-users mailing list at sf.net.  Please use
this list to ask questions, propose solutions, suggest features, and
discuss concerns with the developers and other wheatblog users.  We
hope you enjoy using wheatblog as much as we enjoy creating it.

Wheat
wheatblog app project admin (and herder of cats)
-- 
wheatdesign.com