Some security messages from phpBB - help!

[ahal]

Um, excuse me if this turns out to be a totally ignorant posting lol but I'm a noob who doesn't want to get hacked to bits when I go live with a forum. I'm using H-Sphere and the forum software ( phpbb 3.0.7 ) is shooting up these messages at me:

Your config file (config.php) is currently world-writable. We strongly encourage you to change the permissions to 640 or at least to 644 (for example: chmod 640 config.php).

The other is about turning off 'Register_globals' ( phpAdmin I think? )

With the first one, would this be in the phpbb folder somewhere as seen through Filezilla? Just a case of opening with Wordpad and re-uploading the edited file?

As for the 'Register_globals', I really haven't a clue.

Any help much appreciated

Regards,

Tony.

PS: Tried asking my webhost several times - one of the bigger players - but to no avail.

 

[mneylon]

Your config file (config.php) is currently world-writable. We strongly encourage you to change the permissions to 640 or at least to 644 (for example: chmod 640 config.php).

You can probably change that using your FTP client - check for the CHMOD commands in the software's help menu

The other is about turning off 'Register_globals' ( phpAdmin I think? )

You can probably override that setting using a .htaccess file

 

[ahal]

Thanks as ever Blacknight. The first bit seems straighforward enough now that I know where to look, the hta access thingummy is one I'll have to look into a bit more. If I remember rightly my control panel gives an option for creating same, but I've been reluctant to create 'new' anything without knowing what I'm at lol

That's been a great help, thanks. Not quite as high a mountain as I thought

Regards,

Tony.

 

[ahal]

confused

Just a thought re: chmod ... if I'm not mistaken my host told me that's just applicable to UNIX machines?