Re: CHMOD question [Beginner's Corner] - XOOPS Web Application System

1

CHMOD question

2008/10/3 1:05
eireann
Just popping in
Posts: 89
Since: 2008/8/21

Recently my mainpage was hacked and the host company advised not to use insecure CHMOD settings like 777 or 755

If I set my portal to something less than 755 then it doent work.

Now the question.
To what should the XOOPS files and subdirectories be CHMODED so that they will still work and that crooks dont have an easy time getting in.

BTW: I have yesterday moved all files containing passwords and database access names like mainfile.php out of the public_HTML area.

2

Re: CHMOD question

2008/10/3 3:46
DarinAllan
Friend of XOOPS
Posts: 477
Since: 2005/5/18

I am pretty sure that mainfile.php should be in the root of your site (is with mine) and permissions should be set to 444, *most* other *files are 644 and *folders are generally 755 with only a couple of exceptions being 777, they were the cache folder and templates_c folder.

Sometimes with my host I don't seem to able able to change file permissions from Filezilla (FTP program) I need to go into CPanel and change permissions from there, but that's with my host, it may not be the same with yours.

Cheers ;o)

RoadNoize | The Goss | OzMS | NQR! | MS Buzz

3

Re: CHMOD question

2008/10/3 6:57
ghia
Community Support Member
Posts: 4953
Since: 2008/7/3 1

Quote:

Sometimes with my host I don't seem to able able to change file permissions from Filezilla (FTP program) I need to go into CPanel and change permissions from there, but that's with my host, it may not be the same with yours.

This would mean you use different user credentials to log on in with FTP and cPanel, or your hoster differentiates this. In that case file ownership and permissions decide if the chmod is allowed or not. When files or folders are created by Apache (php), it may be that you can not change it from cPanel or FTP. It has to be changed then with a File manager from within XOOPS, altough I had once with some folders from Formulaire, which appeared unchangable that I had to open a ticket for it.

The art of asking questions.

4

Re: CHMOD question

2008/10/3 7:15
eireann
Just popping in
Posts: 89
Since: 2008/8/21

Thanks for the info.

I always use IE to enter the FTP area.
Then I rightclick ...Properties...and that gives me the permissions which can be changed at the same time.

For the mainfile.php:
Well, its still there but I have removed all its content.
Then I have defined a XOOPS_TRUST_PATH which is outside of the public_html area.
The data from inside the mainfile are in a different file inside the XOOPS_TRUST_PATH and are included when the mainfile.php is included.

Now, if someone hacks into my public_html, there are nowhere passwords or database names to be found.

5

Re: CHMOD question

2008/10/3 7:18
DarinAllan
Friend of XOOPS
Posts: 477
Since: 2005/5/18

@ Ghia thanks for the info, it's really only the mainfile.php that I have to adjust in CPanel file manager, I guess cos it's 444 I spose, anyway I will look into what you have said.

@ eireann Interesting!

Cheers ;o)

RoadNoize | The Goss | OzMS | NQR! | MS Buzz

6

Re: CHMOD question

2008/10/3 7:58
ghia
Community Support Member
Posts: 4953
Since: 2008/7/3 1

Quote:

Now, if someone hacks into my public_html, there are nowhere passwords or database names to be found.

If the hack means uploading php code to your site, then the hacker has all read abilities of XOOPS, what would stop him from reading your passwords?

The art of asking questions.

7

Re: CHMOD question

2008/10/4 0:36
eireann
Just popping in
Posts: 89
Since: 2008/8/21

Well,
when I installed Webphoto I had propblems because I didnt understand the issue with that XOOPS_TRUST_PATH.

Here in this forum they explained to me that by using the XOOPS_TRUST_PATH people can make the site more safe and prevent hackers from getting sensitive data.

Now you tell me its all not true?

Stats
Goal:	$100.00
Due Date:	Apr 30
Gross Amount:	$0.00
Net Balance:	$0.00
Left to go:	$100.00

CHMOD question

Re: CHMOD question

Re: CHMOD question

Re: CHMOD question

Re: CHMOD question

Re: CHMOD question

Re: CHMOD question

Login

Search

Recent Posts

Re: Rebuilding and Updating a 20 years old Xoops Website from 2.0.18? to 2.5.11

Rebuilding and Updating a 20 years old Xoops Website from 2.0.18? to 2.5.11

Re: NewBB v 5.1.0 b 6

Re: NewBB v 5.1.0 b 6

NewBB v 5.1.0 b 6

Re: XOOPS 2.5.11 search user is not working

Re: oledrion

Re: oledrion

Re: oledrion

Re: oledrion

Who's Online

Donat-O-Meter

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}