At this moment in the installation process, SyndeoCMS is not secure! Both Windows and Linux users should remove the contents of the ./starnet/install directory. If this is not done, someone can do a new installation and ruin your site!
The remainder of this section is only applicable to Linux users or those users who host their schoolsite at an ISP (Internet Service Provider) that uses a *nix server.
|File upload SyndeoCMS||Visible on web||FTP/Plesk
Plesk = Multi-platform control panel for service providers, often used by users to manage their website.
FTP = File Transfer Protocol
Now, let's be practical. After a successfull installation, as a minimum you have to secure the /starnet/configurationn/database.inc.php file. During the installation this file's permissions were set to 0777. This means that everyone can see the loginname and password of your database.
To ensure the file is not world readable, change its permissions to 0400 (best) or 0640.
As root, go to the ./starnet/configuration/ directory and perform the following command:
# chmod 0400 database.inc.php
Check if your file has the right permissions with the 'ls -l' command. Here are some examples:
-rw-rw-rw- 1 www www 416 2004-10-28 20:13 database.inc.php
This is VERY INSECURE! The content of the database.inc.php file is world readable. A cracker can find yor database password and do bad things.
-r-------- 1 www www 416 2004-10-28 20:13 database.inc.php
This is secure. The file where the username and password of the database are kept cannot be seen by the outside world. The permission 0400 indicates that the file is only readable by the user 'www'.
If SyndeoCMS does not function with this tight permission, set it to 0640 and try again.
When you have SyndeoCMS hosted at an ISP, ask them for the securest permissions. By now you we assume you will have understand that a permissions ending on 7, 6, or 4 are absolutely unacceptable for the file database.inc.php. Acceptable are 0640 or 0660.
More security is needed. However, other files and directories need less tight permissions in order to upload files etcetera.
As root, go the document root and perform the following commands:
# chmod -R 0755 ./starnet/*
This will give all SyndeoCMS files and directories the reasonalble thight permissions.
To end we give a few tips to get thighter permissions.
NOTICE: It's a good idea to check the ownership of the httpd root directory 'htdocs' for example. It should have 0750 permissions and be owned by the webserver.
Do not forget to delete the contents of the /starnet/install directory.
And, last but not least, as a final check it's a good idea to run /starnet/syndeo_check.php. See SyndeoCMS check.
On some servers the PHP mail function can be disabled. You can check this by running the syndeo_check script see: SyndeoCMS check below. At the bottom of the page you find an email send option. You can send the email to yourself to check if sending emails works properly.
If the mailing doesn't work you can use SMTP , then you need to change the file /starnet/core/class.phpmailer.php with the following:
line 109: var $Mailer = "smtp";
Change the values of $Host, $Username and $Password according to your site , you may have to contact your provider/server administrator.