1
eejut
What attributes should this folder be set too?
  • 2006/11/20 21:20

  • eejut

  • Just popping in

  • Posts: 86

  • Since: 2005/5/16


Hello,having been hacked again for the 2nd time with the protection module enabled also ,they were able to upload a html index page to my uploads folder with the usual 'hacked by some nomark twat'
Now the thing is ..while this happemd i could navigate to my www.mywebsite.com/UPLOADS and it showed all my downloads now can anyone tell me what attributes this folder should be set too?, when i looked it was set to 777 now iam sure this cannot be correct or anyone would be able to bypass the sites registration and go to www.blahhblahh.com/uploads and just simply download and graze as they think fit
I have tried to change it to a few others but its not showing images in the forum because there are in the uploads folder too any help would be cool
many thanks

2
m0nty
Re: What attributes should this folder be set too?
  • 2006/11/20 21:33

  • m0nty

  • XOOPS is my life!

  • Posts: 3337

  • Since: 2003/10/24


add a blank index.html file to the uploads folder

chmod should be 777.

altho if your server is running with php in CGI mode under phpsuexec, then you should be able to set 755 permissions.

3
tripmon
Re: What attributes should this folder be set too?
  • 2006/11/20 21:38

  • tripmon

  • Module Developer

  • Posts: 462

  • Since: 2004/2/28


you may also want to set your server so that it does not display directory listings.

for apache you can add :
Options -Indexes

to your .htaccess file.

4
eejut
Re: What attributes should this folder be set too?
  • 2006/11/20 21:49

  • eejut

  • Just popping in

  • Posts: 86

  • Since: 2005/5/16


Hi, thanks for your replies
m0nty
i have added a blank index.html back to the uploads folder
tripmon
so all i do is Options -Indexes in the .htaccess file ?
and that will stop bare dir's being shown?

so is 777 correct then? the public can read write and execute?

[edit]
Also,as i have the protection module running , how can i stop them upping another file and doing it again?
thanks

Login

Username:
Password:

Lost Password? Register now!

Who's Online

70 user(s) are online (45 user(s) are browsing Support Forums)


Members: 0


Guests: 70


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Jan 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits