21
brash
Re: Version 2.2 Stable Hacked
  • 2005/10/18 1:59

  • brash

  • Friend of XOOPS

  • Posts: 2206

  • Since: 2003/4/10


LazyBadger, you are the most arrogant, self-absorbed and self-righteous individual I have ever come across in my 30 years of being on this planet! Build a bridge and get over yourself, you are not the be all and end all of this community! Freedom of speech DOES NOT give you the right to chastise other members of this community. Are you familiar with legal terms such as libel and defamation? You CAN be taken to court and sued depending on where you are in the world for comments such as you've been making about other members. Get a clue would you, they come free with a developed social conscience!
IT Headquarters
Innovative IT Solutions

22
davidl2
Re: Version 2.2 Stable Hacked
  • 2005/10/18 2:00

  • davidl2

  • XOOPS is my life!

  • Posts: 4843

  • Since: 2003/5/26


So, the issue is server side I presume.

Can someone, in polite (non-abusive) terms explain what the best course of action is in this case?

Is this a matter of changing host to a more secure one, or is it anything that we can fix on local XOOPS installs?

I would like to hear any constructive feedback on this question, but please note that abusive comments with no bearing on the problem are of no use to anyone.

23
davidl2
Re: Version 2.2 Stable Hacked
  • 2005/10/18 2:02

  • davidl2

  • XOOPS is my life!

  • Posts: 4843

  • Since: 2003/5/26


(And please note - I am not a coder, I am not an apache expert, I am just a simple XOOPS user who would like a simple language explanation of the best way to prevent this happening to my own sites!)

24
JMorris
Re: Version 2.2 Stable Hacked
  • 2005/10/18 3:13

  • JMorris

  • XOOPS is my life!

  • Posts: 2722

  • Since: 2004/4/11


Short and sweet and in plain English...

Please try chmod 755 on the cache/ templates_c/ and uploads/ directories. Make sure ALL files are chmod 644 except mainfile.php and any files that start with a "." Those should be chmod 444.

If your server is configured "correctly" this will work just fine. I have several sites I admin with these settings and I have 0 problems with these permissions. But then again, the hosts I use know how to configure their servers.

@LB,

Quote:
You try to close my mouth being covered by deviation from the theme of the forum? Well, let's continue this speech in XOOPS.org Members Lounge, when all forums are overloaded by empty off-topic chat and moders work as Censors instead of moders


Censors?! Perhaps you need to look up the definition for Moderator. Part of our job is ensuring that posts follow the guidelines set forth in XOOPSiquette.

Exactly how many times do you have to be reminded of the terms of XOOPSiquette before you finally follow the guidelines you agreed to when you registered?

I personally value your contributions to the XOOPS community and I see you as being very intelligent and (when you want to be) a valuable contributor to the community.

On the other hand, you can be just as detrimental to the community with your constant accusations and instigations. You are a liability to the overall morale of this site. Everyone but you sees this and acknowledges this.

When are you going to get off your high horse and be a team player?

Best Regards,

James
Insanity can be defined as "doing the same thing over and over and expecting different results."

Stupidity is not a crime. Therefore, you are free to go.
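
An audit of the permission scheme recommended in the post above, as an added example that is not part of the original thread: it reports every path that deviates from 755 on cache/, templates_c/ and uploads/, 444 on mainfile.php and dotfiles, and 644 on all other files. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: report paths that deviate from the permission scheme in the
# post above (755 data dirs, 444 mainfile.php and dotfiles, 644 other files).

# audit_perms ROOT: prints one line per deviation; returns 1 if any were found.
audit_perms() {
    root=$1
    findings=$(
        for d in cache templates_c uploads; do
            if [ -d "$root/$d" ]; then
                find "$root/$d" -prune ! -perm 755 -print | sed 's/^/expected 755: /'
            fi
        done
        find "$root" -type f \( -name mainfile.php -o -name '.*' \) ! -perm 444 -print |
            sed 's/^/expected 444: /'
        find "$root" -type f ! -name mainfile.php ! -name '.*' ! -perm 644 -print |
            sed 's/^/expected 644: /'
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# make_sample_tree DIR: constructed tree with two deliberate deviations.
make_sample_tree() {
    mkdir -p "$1/cache" "$1/templates_c" "$1/uploads" "$1/modules"
    : > "$1/mainfile.php"; : > "$1/.htaccess"; : > "$1/index.php"
    : > "$1/modules/news.php"
    chmod 755 "$1/cache" "$1/uploads" "$1/modules"
    chmod 777 "$1/templates_c"          # deviation: world-writable directory
    chmod 444 "$1/.htaccess"
    chmod 644 "$1/index.php" "$1/modules/news.php"
    chmod 666 "$1/mainfile.php"         # deviation: writable config file
}

# Demo on the constructed tree (not a real XOOPS install).
demo=$(mktemp -d)
make_sample_tree "$demo"
audit_perms "$demo" || echo "deviations found"
rm -rf "$demo"
```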

25
LazyBadger
Re: Version 2.2 Stable Hacked

Quote:

davidl2 wrote:
...
Can someone, in polite (non-abusive) terms explain what the best course of action is in this case?
...

Did you read my answer to phppp?
I wrote "3 Steps Guide to the Complete Happiness".
It's a worm which lives on local drives and infects ALL local html-files... I think it's something from a well-known worm for phpbb forums... Any system can be vulnerable; it depends on a lot of details

Quote:
...best way to prevent this happening to my own sites!

Have and control your own host. You must not entrust to anyone, but to yourself you can not entrust somewhat less than to the rest of the world
Quis custodiet ipsos custodes?

Webmaster of
XOOPS2.RU
XOOPS Modules Proving Ground
XOOPS Themes Exhibition

26
LazyBadger
Re: Version 2.2 Stable Hacked

Quote:

skalpa wrote:
...
Well, that's exactly what we're speaking of right now. The problem is that some "professionals" offer solutions with:
- No suexec
- Safe mode off
- No open_basedir or any similar restriction

Well, it's not a professional, but a businessman... And let the market be the best measure - if customers use this service, it will be in the same form forever.

Quote:

That's where the problem is... if there is no "jail", then giving group (and thus: apache) write access means you give any other customer write access

Do you have another vital solution? I want to have a magic bullet too

Quote:

It's just about the way you speak man... "Lie or stupidity..." is not very educative.

I'm not a teacher, and in areas that are not mine I prefer to follow a simple rule: "Let the shoemaker not judge above shoes"

Quote:
on bad configs, without the correct restrictions, whatever means you choose to enable apache to write (whether it's group or world or your sister in shorts) has the same result: it's deeply insecure.

Yes, but it doesn't mean that we must have wide-open windows and doors if a battalion of green berets doesn't guard us
Quis custodiet ipsos custodes?

Webmaster of
XOOPS2.RU
XOOPS Modules Proving Ground
XOOPS Themes Exhibition

27
m0nty
Re: Version 2.2 Stable Hacked
  • 2005/10/18 5:42

  • m0nty

  • XOOPS is my life!

  • Posts: 3337

  • Since: 2003/10/24


short of every1 buying a dedicated server and havin full control.. what other solutions are there? not every1 can afford their own server..

so how about maybe a checksum or file integrity check on the compiled templates & cache files? when they are compiled and made, a checksum is also made and stored either in db or in file.. maybe like md5sum etc.

if the file checksum is different to the one stored when the template is compiled, then it is deleted and a new template compiled? or would that cause a major loss of speed?
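
The checksum idea from the post above, sketched as an added example (not XOOPS code or code from the thread): a manifest is recorded after compilation, and any file in the directory that no longer matches it is deleted so that it gets recompiled. It uses sha256sum where the post suggests md5sum, treats files missing from the manifest as mismatches, and assumes the manifest is kept somewhere the web server user cannot write; all function names are hypothetical.

```shell
#!/bin/sh
# Added example: checksum manifest for a compiled-template directory.
# sha256sum is used here in place of the md5sum mentioned in the post.

# record_checksums DIR MANIFEST: hash every file under DIR into MANIFEST.
record_checksums() {
    ( cd "$1" && find . -type f -exec sha256sum {} + ) > "$2"
}

# purge_modified DIR MANIFEST: delete each file whose "hash  path" line is not
# in MANIFEST (changed or unknown file) and print its path, so the
# application recompiles it on the next request.
# Assumes file names without newlines or backslashes.
purge_modified() {
    dir=$1
    manifest=$2
    ( cd "$dir" && find . -type f -exec sha256sum {} + ) |
    while IFS= read -r line; do
        if ! grep -qxF -- "$line" "$manifest"; then
            f=${line#*  }               # strip the "<hash>  " prefix
            rm -f -- "$dir/$f"
            printf '%s\n' "$f"
        fi
    done
}

# Demo on a constructed directory (sample data, not real XOOPS templates).
demo=$(mktemp -d)
manifest=$(mktemp)                      # kept outside the template directory
printf 'compiled template A\n' > "$demo/a.html.php"
printf 'compiled template B\n' > "$demo/b.html.php"
record_checksums "$demo" "$manifest"
printf 'injected markup\n' >> "$demo/a.html.php"    # simulate tampering
purge_modified "$demo" "$manifest"                   # prints ./a.html.php
rm -rf "$demo" "$manifest"
```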
