Subject:*
<
Name/Email:*
<
Message Icon:*
<
Select*
<
Message:*
<



Click the Preview to see the content in action.
Options:*
<
Confirmation Code*
<
0 + 7 = ?  
Input the result from the expression
Maximum attempts you can try: 10
*
<
     

Re: Hacked
by svaha on 2007/3/25 18:48:25

Yes I do this on all of my sites, but if someone mananges to get an index.html file on your site, then the 444 of your index.php is of no use.
Re: Hacked
by wizanda on 2007/3/23 20:47:56

Also please make sure index.php of the root is 444 chmod so only readable; no one ever needs to write to it........that should be included with instructions as i found i needed to.
Re: Hacked
by aamjad2001 on 2007/3/23 19:06:50

so can yor friend still access his cpanel. or not. if someone can place an html file in his account that someone would then also be able t delete any from i t.
Re: Hacked
by svaha on 2007/3/23 15:37:56

Thanks for your reply, still looking into this.
Re: Hacked
by seventhseal on 2007/2/27 15:58:58

How would that help?

The real question is, how is the index.html file getting placed in root? And I am assuming the root of the site, not the root of the server. That's a security issue, not a XOOPS issue. I would recommend a few debugging things...

1. If you can't plug the "copy to root" hole, then I would turn off any uploads until you can get the site in a chrooted environment. Also, make sure ssh or telnet is turned off.

2. look at your log files - access.log and errors.log to determine what they are doing when the index.html is copied up. What URL, etc. is getting used.

3. If you are an apache site, and have control of the server, then install mod_security to apache. If you are in a shared environment, talk to your provider about what security switches can be turned on at the apache level.

4. Take an inventory of the mods you are using, make sure they are the recent versions, and not something old that may have a known vulnerability.

Bottom line, even if you copy a stub index.html file up there, my question would be, what prevents the upload and replacement of that file? Not knowing the settings of this particular server makes it difficult to answer, and really only with the generic obvious stuff...

Who's Online

257 user(s) are online (203 user(s) are browsing Support Forums)


Members: 0


Guests: 257


more...

Donat-O-Meter

Stats
Goal: $15.00
Due Date: Jul 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $15.00
Make donations with PayPal!

Latest GitHub Commits