FileRack Security Scanner

Comprehensive security analysis of your FileRack installation

Checks Passed: 6
Warnings: 0
Failed Checks: 6
Security Score: 50%

Detailed Security Analysis


Configuration File Permissions
Configuration files should be readable but not writable by the web server

Details

Configuration file permissions are insecure. The file should be readable but not writable by the web server.

How to Fix

Set file permissions to 644: chmod 644 config/config.php

Directory Listing Protection
Directory listings should be disabled to prevent file enumeration

Details

No .htaccess file found. Directory listings may be enabled.

How to Fix

Create .htaccess file with "Options -Indexes" directive

# Add to .htaccess file:
Options -Indexes

PHP Error Display
PHP errors should not be displayed to users in production

Details

Error display is disabled (secure)

Session Cookie Security
Session cookies should be secure and HTTP-only

Details

Session cookies lack security flags

How to Fix

Set session.cookie_httponly = 1 and session.cookie_secure = 1 in php.ini

Database Connection Security
Database should be accessible with proper credentials

Details

Database connection failed - check credentials and server status

How to Fix

Verify database credentials and ensure MySQL service is running

HTTPS/SSL Encryption
Site should use HTTPS encryption for secure data transmission

Details

Site is using HTTPS encryption

Sensitive File Protection
Sensitive configuration files should be protected from direct access

Details

No sensitive files found in web root

File Upload Security
Upload directories should prevent execution of uploaded files

Details

Upload directory may allow execution of uploaded files

How to Fix

Add .htaccess to upload directory with "php_flag engine off"

# Add to .htaccess file:
php_flag engine off

PHP Version Security
PHP version should be current and receiving security updates

Details

Current PHP version: 8.2.29. Version is reasonably current

Database User Privileges
Database user should have minimal required privileges

Details

Database user privileges verified

Admin Password Security
Admin passwords should be properly hashed and strong

Details

Admin password is properly hashed

Security Headers
Security headers should be set to protect against common attacks

Details

0 of 3 recommended security headers are set

How to Fix

Add security headers via .htaccess or server configuration

# Add to .htaccess file:
Header always set X-Content-Type-Options nosniff
Header always set X-Frame-Options DENY
Header always set X-XSS-Protection "1; mode=block"

Security Recommendations

High Priority

  • Enable HTTPS with valid SSL certificate
  • Update PHP to latest stable version
  • Implement strong password policies
  • Regular security updates

Medium Priority

  • Add security headers
  • Secure file upload handling
  • Database privilege review
  • Error reporting configuration