Hi All

A couple of days ago I received an email from paypal saying they thought my site had been compromised. They also gave me the location of the intrusion. It was in the cache folder. Someone had included a www directory and a whole paypal phishing site setup.

I could not delete any of the files so I contacted my hosting company (surpass) and they deleted the files for me. Surpass also said it looked like the files were uploaded from someone on the same shared server because of the 777 permissions set on the cache folder. They of course recommended changing the permissions on the folders with the 777 settings

Reading some of the posts on this forum I have tried to set the permissions on the cache, templates_c and uploads to 755 but that will not work under the current server setup.

I am running 2.2.5 rc2 and the protector module.

I have read posts about adding information to an htaccess file but I am not sure I fully understand exactly what I need to do to prevent this from happening again.

Can anyone give me some specific instructions on how to prevent this from happening again.

Any help would be appreciated.

Thanks

You could ask Surpass to phpsuexec your server like some of their other servers. They are probably planning on doing it, you should ask when.

Hope this helps a little,

John

Hi John

Thanks for the reply.

After reading your reply I attempted to set permissions on another surpass site located on a different shared server (newer). The new permissions settings on the new server worked. So, I then took your advice and have asked surpass if/when they plan on changing the older server to behave similarly to the new server.

In the meantime I still would like some help on htaccess code to include in the directories that XOOPS says need permissions set at 777.

Thanks

Foz

Instead of upgrading my current server, surpass offered to transfer my account to a phpsuexec server.

That process is now complete and I can now set the appropriate folders to 755. Hopefully this will prevent the ease with which access was made earlier.

Thanks for the suggestion John.