- Posts: 10
- Thank you received: 0
Welcome to the LimeSurvey Community Forum
Ask the community, share ideas, and connect with other LimeSurvey users!
Delete subfolder in /tmp/assets and directory listing of some folders
- Thomas_T
- Topic Author
- Offline
- New Member
Less
More
3 years 1 month ago #211940
by Thomas_T
Delete subfolder in /tmp/assets and directory listing of some folders was created by Thomas_T
Hi everyone.
I have a question about some folders on my installed Limesurvey server.
I'm running Limesurvey 3.25.4 on Ubuntu 18.04.5.
Our Security Scanner found some folders and settings on my Limesurvey installation and declared them as a security risk.
On my Server there are several subfolder in the folder /tmp/assets with random names like 117445e0 or 49b271bf or db6085.
Can i delete these subfolder? Or will it crash my installation of Limesurvey?
The second question is about "directory listing" on some folders. Can i disable it globally in my webserver configuration or will this lead into an unstable state of my installation.
Folders for example: /test or /docs or /upload
Thanks in advance
Thomas
I have a question about some folders on my installed Limesurvey server.
I'm running Limesurvey 3.25.4 on Ubuntu 18.04.5.
Our Security Scanner found some folders and settings on my Limesurvey installation and declared them as a security risk.
On my Server there are several subfolder in the folder /tmp/assets with random names like 117445e0 or 49b271bf or db6085.
Can i delete these subfolder? Or will it crash my installation of Limesurvey?
The second question is about "directory listing" on some folders. Can i disable it globally in my webserver configuration or will this lead into an unstable state of my installation.
Folders for example: /test or /docs or /upload
Thanks in advance
Thomas
The topic has been locked.
- holch
- Offline
- LimeSurvey Community Team
Less
More
- Posts: 11757
- Thank you received: 2753
3 years 1 month ago #211949
by holch
I answer at the LimeSurvey forum in my spare time, I'm not a LimeSurvey GmbH employee.
No support via private message.
Replied by holch on topic Delete subfolder in /tmp/assets and directory listing of some folders
These assets are not "dangerous", they are created by Limesurvey to not always have to draw from the database, etc. If you delete them, Limesurvey will create them again. so this would be without end.
I'd say this is a false postive.
I'd say this is a false postive.
I answer at the LimeSurvey forum in my spare time, I'm not a LimeSurvey GmbH employee.
No support via private message.
The topic has been locked.
- DenisChenu
- Offline
- LimeSurvey Community Team
Less
More
- Posts: 13935
- Thank you received: 2551
3 years 1 month ago #211965
by DenisChenu
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
Replied by DenisChenu on topic Delete subfolder in /tmp/assets and directory listing of some folders
> Our Security Scanner found some folders and settings on my Limesurvey installation and declared them as a security risk.
Lol
> The second question is about "directory listing" on some folders.
You can remove directoty listing in ALL folders.
If you use apache : we include htaccess with restriction
If you use nginx : see manual
manual.limesurvey.org/Installation_security_hints
Lol
> The second question is about "directory listing" on some folders.
You can remove directoty listing in ALL folders.
If you use apache : we include htaccess with restriction
If you use nginx : see manual
manual.limesurvey.org/Installation_security_hints
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
The topic has been locked.
- Thomas_T
- Topic Author
- Offline
- New Member
Less
More
- Posts: 10
- Thank you received: 0
3 years 1 month ago #212017
by Thomas_T
Replied by Thomas_T on topic Delete subfolder in /tmp/assets and directory listing of some folders
Hi.
Thanks for you quick responses. I disabled "directory listing" globally and wait for the next scan.
I think the security risk was made by my own
Thomas
Thanks for you quick responses. I disabled "directory listing" globally and wait for the next scan.
I think the security risk was made by my own
Thomas
The topic has been locked.