Back to limesurvey.org

Welcome to the LimeSurvey Community Forum

Ask the community, share ideas, and connect with other LimeSurvey users!

Delete subfolder in /tmp/assets and directory listing of some folders

  • Thomas_T
  • Thomas_T's Avatar Topic Author
  • Offline
  • New Member
  • New Member
More
4 years 4 months ago #211940 by Thomas_T
Delete subfolder in /tmp/assets and directory listing of some folders was created by Thomas_T
Hi everyone.

I have a question about some folders on my installed Limesurvey server.
I'm running Limesurvey 3.25.4 on Ubuntu 18.04.5.

Our Security Scanner found some folders and settings on my Limesurvey installation and declared them as a security risk.

On my Server there are several subfolder in the folder /tmp/assets with random names like 117445e0 or 49b271bf or db6085.
Can i delete these subfolder? Or will it crash my installation of Limesurvey?

The second question is about "directory listing" on some folders. Can i disable it globally in my webserver configuration or will this lead into an unstable state of my installation.
Folders for example: /test or /docs or /upload

Thanks in advance
Thomas
The topic has been locked.
  • holch
  • holch's Avatar
  • Offline
  • LimeSurvey Community Team
  • LimeSurvey Community Team
More
4 years 4 months ago #211949 by holch
Replied by holch on topic Delete subfolder in /tmp/assets and directory listing of some folders
These assets are not "dangerous", they are created by Limesurvey to not always have to draw from the database, etc. If you delete them, Limesurvey will create them again. so this would be without end. ;-)

I'd say this is a false postive.
Help us to help you!
  • Provide your LS version and where it is installed (own server, uni/employer, SaaS hosting, etc.).
  • Always provide a LSS file (not LSQ or LSG).
Note: I answer at this forum in my spare time, I'm not a LimeSurvey GmbH employee.
The topic has been locked.
  • DenisChenu
  • DenisChenu's Avatar
  • Offline
  • LimeSurvey Community Team & Official Partner
  • LimeSurvey Community Team & Official Partner
More
4 years 4 months ago #211965 by DenisChenu
Replied by DenisChenu on topic Delete subfolder in /tmp/assets and directory listing of some folders
> Our Security Scanner found some folders and settings on my Limesurvey installation and declared them as a security risk.

Lol

> The second question is about "directory listing" on some folders.

You can remove directoty listing in ALL folders.

If you use apache : we include htaccess with restriction
If you use nginx : see manual


www.limesurvey.org/manual/Installation_security_hints
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member. - Professional support - Plugins, theme and development .
I don't answer to private message.
The topic has been locked.
  • Thomas_T
  • Thomas_T's Avatar Topic Author
  • Offline
  • New Member
  • New Member
More
4 years 4 months ago #212017 by Thomas_T
Replied by Thomas_T on topic Delete subfolder in /tmp/assets and directory listing of some folders
Hi.

Thanks for you quick responses. I disabled "directory listing" globally and wait for the next scan.
I think the security risk was made by my own :(

Thomas
The topic has been locked.
Moderators: tpartnerholch

Lime-years ahead

Online-surveys for every purse and purpose

Pricing & Plans
Get started

Legal

About Us

Open Source