Hi all,
I have a forum,
and I detected this warning:
warning: fopen() [function.fopen]: SAFE MODE Restriction In effect. The script whose uid is 515 is not allowed to access /tmp/vbthumbAQTNwb owned by uid 99 in [path]/includes/class_image.php on line 333
warning: fopen(/tmp/vbthumbAQTNwb) [function.fopen]: failed to open stream: success in [path]/includes/class_image.php on line 333
Please, can anyone tell me if anyone can hack my forum through this warning,
and how he can use it?
And how can I protect it?
Please, because I am worried about it.
WARNING .. please help me .. :)
- kaisellgren
- DevNet Resident
- Posts: 1675
- Joined: Sat Jan 07, 2006 5:52 am
- Location: Lahti, Finland.
Re: WARNING .. please help me .. :)
I think the forum software tries to read temporary files and the software is not meant to work with safemode turned on.
- mickeyunderscore
- Forum Contributor
- Posts: 129
- Joined: Sat Jan 31, 2009 9:00 am
- Location: UK
Re: WARNING .. please help me .. :)
Read up on safe mode: http://uk.php.net/features.safe-mode
This error does give clues to your architecture and therefore perhaps the framework you are using, which may have security vulnerabilities that could be exploited.
You should turn off all error reporting on a live server. If you don't have access to php.ini, I think you can use the error_reporting() function. Or if you don't want to turn off error reporting, you can precede the fopen() function with @, which will suppress this particular error.
A quick note on @: people will tell you it runs slow, but the speed difference in my opinion is negligible. Most of the execution time is consumed by the error, not the suppression of it. However, it is usually better to solve the error rather than hide/suppress it.
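One way to keep warnings like the one quoted in this thread out of the page output while still recording them for the administrator, as an added example that is not from the thread or from the forum software. It is written for PHP 7 or later; the log path, the sample file path and the helper name `open_or_log` are assumptions.

```php
<?php
// Added example: production error handling for a PHP site.
// Assumption: the log path is a placeholder; use a file outside the web root.
ini_set('display_errors', '0');   // never print warnings (paths, uids) to visitors
ini_set('log_errors', '1');       // keep the detail for the administrator
ini_set('error_log', '/var/log/php/forum_errors.log'); // hypothetical path
error_reporting(E_ALL);           // still report everything, but only to the log

/**
 * Hypothetical helper: open a file and handle failure explicitly
 * instead of hiding it with @.
 */
function open_or_log(string $path, string $mode)
{
    // Capture the warning text without letting PHP emit it.
    $warning = null;
    set_error_handler(function (int $no, string $msg) use (&$warning): bool {
        $warning = $msg;
        return true; // handled: nothing is displayed
    });
    try {
        $handle = fopen($path, $mode);
    } finally {
        restore_error_handler();
    }

    if ($handle === false) {
        // Full detail (path and reason) goes to the log only.
        error_log("fopen failed for {$path}: " . ($warning ?? 'unknown error'));
        return false;
    }
    return $handle;
}

// Constructed sample input: a path that cannot be opened.
$fh = open_or_log('/nonexistent-dir/vbthumb-sample', 'rb');
if ($fh === false) {
    // The visitor sees a generic message with no path, uid or line number.
    echo "Thumbnail could not be generated.\n";
} else {
    fclose($fh);
}
```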