
WHMCS script: fixing the "Needing Attention Sensitive Directory Check /vendor" warning



Rise Company
01-11-2020, 03:49

https://www.rise.company/upload/uploads/160419903864911.png



Needing Attention Sensitive Directory Check
One or more sensitive directories are accessible from the web:
/vendor
Please refer to our Further Security Steps (https://docs.whmcs.com/Further_Security_Steps#Vendor_Directory) for information.


There is a tool for this: upload it to your whmcs path, then open its URL and look at the result it shows,

that is, whether the /vendor path is protected or not.

A verification tool has also been made available to assist in determining
if your web server environment is affected. This tool can be downloaded here (https://www.whmcs.com/download/1329/security_advisory_20200128_verification_tool.zip).

To use the tool, simply upload it to the root directory of your WHMCS installation
and then visit in a browser or run from the command line.
The tool will confirm if you are affected.

https://www.rise.company/upload/uploads/160419903898264.jpg
How to fix the vulnerability

The solution depends upon your web server environment and various configurations.

Apache Web Server Software

Apache is the recommended web server software platform to run WHMCS on. By default a .htaccess file is provided which in most cases should be sufficient to direct the Apache web server to disallow web based access to files within the vendor directory.
If you are running Apache and files remain accessible, please first ensure that the /vendor/.htaccess file exists, has appropriate ownership and permissions, and that it contains the following directive:


Deny from all

If files continue to remain accessible, then you will want to investigate if your Apache configuration has disabled the use of .htaccess files or if there is a parent configuration that is negating the directive in the provided .htaccess file.

Solution:

The fix is in the .htaccess file, which you will find in 3 places:

1- In the public_html path: make sure it contains no unfamiliar code
2- In the whmcs path: make sure it contains no unfamiliar code
3- Inside the whmcs path: make sure the one in vendor contains the deny directive

In most cases you will find redirect code for error pages such as 400, 401, 402, 403, 404.
Remove this code, or anything similar to it, from public_html or whmcs if you find it.

Result:

https://www.rise.company/upload/uploads/160419903891993.jpg

https://www.rise.company/upload/uploads/160419903884372.png

Reference:
https://docs.whmcs.com/Security_Advisory_2020-01-28
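
The three .htaccess checks from the solution above, as an added shell example that is not part of the original post or of WHMCS's own tooling. It assumes the "redirect code for error pages" is Apache's ErrorDocument directive; the function names and the sample directory tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not WHMCS code): audit the three .htaccess files from the post.
# Usage: sh audit.sh /path/to/public_html /path/to/public_html/whmcs

# List custom error-page lines. Assumption: the "redirect code" in the post
# is Apache's ErrorDocument directive for 4xx status codes.
find_error_redirects() {
    [ -f "$1" ] || return 0
    grep -niE '^[[:space:]]*ErrorDocument[[:space:]]+4[0-9][0-9][[:space:]]' "$1"
}

# Succeed only if an uncommented deny-all directive is present
# ("Require all denied" is the Apache 2.4 spelling of "Deny from all").
has_deny_all() {
    [ -f "$1" ] || return 1
    grep -qiE '^[[:space:]]*(Deny[[:space:]]+from[[:space:]]+all|Require[[:space:]]+all[[:space:]]+denied)[[:space:]]*$' "$1"
}

# Report on all three locations; exit status is the number of findings.
audit_whmcs_htaccess() {
    webroot=$1 whmcs=$2 problems=0 seen=
    for f in "$webroot/.htaccess" "$whmcs/.htaccess"; do
        [ "$f" = "$seen" ] && continue   # WHMCS installed directly in the web root
        seen=$f
        hits=$(find_error_redirects "$f") || true
        if [ -n "$hits" ]; then
            printf 'REVIEW %s has error-page directives:\n%s\n' "$f" "$hits"
            problems=$((problems + 1))
        fi
    done
    if has_deny_all "$whmcs/vendor/.htaccess"; then
        echo "OK     $whmcs/vendor/.htaccess denies web access"
    else
        echo "FIX    $whmcs/vendor/.htaccess is missing or has no deny directive"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# With two arguments audit real paths; otherwise use a constructed sample tree.
if [ "$#" -eq 2 ]; then
    audit_whmcs_htaccess "$1" "$2"
else
    demo=$(mktemp -d)
    mkdir -p "$demo/public_html/whmcs/vendor"
    echo 'ErrorDocument 403 /error.php' > "$demo/public_html/.htaccess"
    echo '# Deny from all' > "$demo/public_html/whmcs/vendor/.htaccess"
    audit_whmcs_htaccess "$demo/public_html" "$demo/public_html/whmcs" || true
    rm -rf "$demo"
fi
```

A clean result here only covers the file contents; the WHMCS verification tool still has to confirm that the server actually refuses requests to /vendor.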