1
Cuidiu
Security Questions
  • 2006/7/8 14:52

  • Cuidiu

  • Quite a regular

  • Posts: 358

  • Since: 2006/4/23


Forgive the newbie-type questions, but I've searched, and some answers I couldn't find, while for others there seemed to be a variety of answers, which ends up a bit confusing.

Other than folders requiring chmod of 777 like cache, templates_c, uploads, what should permissions for the rest of XOOPS folders (including modules, Frameworks, etc.) be set at for optimal security? I see many at 755, is that sufficient?

On another site (non XOOPS), a hacker broke into the site's admin (a cgi script for links) adding his links everywhere. Aside from banning his IPs, I also added the following to the .htaccess file within the admin folder to only allow webmaster and site owner IPs access to the admin:

Order Deny,Allow
Deny from all
Allow from xx.xx.xxx.xxx

This was advised by developers in the script's support forum and seems to work very well. Would something like the following be advisable for XOOPS admin.php files or would it be considered too extreme or cause problems?
<Files admin.php>
order deny,allow
deny from all
allow from xx.xx.xxx.xxx
</Files>

In modules/system/ .htaccess file, for example?

Thanks in advance!
Working sites:
XOOPS 2.0.16 PHP 5.2.2, MySQL 5.0.24a-standard-log, Apache/2.0.54 (Unix)
XOOPS 2.2.4, PHP 4.3.10, MySQL 3.23.58, Apache/1.3.33 (Unix)

2
Dave_L
Re: Security Questions
  • 2006/7/8 21:53

  • Dave_L

  • XOOPS is my life!

  • Posts: 2277

  • Since: 2003/11/7


I don't think it would cause any problems. But not all admin functions are accessed through admin.php. Module admin functions, for example, might be accessed via any script in the module's /admin subdirectory.
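
An added example, not part of the original posts and not XOOPS code: a shell audit that lists world-writable directories other than cache, templates_c and uploads, and lists module /admin subdirectories that have no .htaccess with a "deny from all" rule. The function names, the sample tree and the address 192.0.2.10 are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and the sample layout are hypothetical.
WRITABLE_OK="cache templates_c uploads"   # dirs the question lists as 777

# Print world-writable directories outside the expected-writable ones.
find_unexpected_writable() {
    root=$1
    find "$root" -type d -perm -0002 | while IFS= read -r d; do
        if [ "$d" = "$root" ]; then rel=.; else rel=${d#"$root"/}; fi
        case " $WRITABLE_OK " in
            *" ${rel%%/*} "*) ;;              # at or below an allowed dir
            *) printf '%s\n' "$rel" ;;
        esac
    done
}

# Print modules/*/admin directories whose .htaccess is missing or has no
# "deny from all" line (the rule quoted in the first post).
find_unrestricted_admin_dirs() {
    root=$1
    for d in "$root"/modules/*/admin; do
        [ -d "$d" ] || continue
        if ! grep -qi '^[[:space:]]*deny from all' "$d/.htaccess" 2>/dev/null; then
            rel=${d#"$root"/}
            printf '%s\n' "$rel"
        fi
    done
}

# Build a constructed sample tree (not a real XOOPS install) and print its path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/cache" "$t/templates_c" "$t/uploads" "$t/Frameworks" \
             "$t/modules/system/admin" "$t/modules/news/admin"
    chmod -R 755 "$t"
    chmod 777 "$t/cache" "$t/templates_c" "$t/uploads" "$t/modules/news"
    printf 'Order Deny,Allow\nDeny from all\nAllow from 192.0.2.10\n' \
        > "$t/modules/system/admin/.htaccess"
    printf '%s\n' "$t"
}

# Usage: sh audit.sh /path/to/xoops   (runs both checks on that tree)
if [ -n "${1:-}" ]; then
    echo "Unexpected world-writable directories:"; find_unexpected_writable "$1"
    echo "Module admin dirs without a deny rule:"; find_unrestricted_admin_dirs "$1"
fi
```

The second check only confirms that the file and a deny line exist; Apache applies the rule only where AllowOverride permits these directives (Limit or All).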

3
Cuidiu
Re: Security Questions
  • 2006/7/9 0:01

  • Cuidiu

  • Quite a regular

  • Posts: 358

  • Since: 2006/4/23


Thanks Dave_L. I appreciate the reply.

Quote:
Dave_L wrote:
I don't think it would cause any problems. But not all admin functions are accessed through admin.php. Module admin functions, for example, might be accessed via any script in the module's /admin subdirectory.
