XOOPS 
Forum
Forum Index General Forums Community Support Modules Support Themes Support Development International Support Module Hack Reviews Theme Designer Talk
  1. Board index / 
  2. XOOPS Community Support forums / 
  3. XOOPS general usage questions 
  4.  / My website has been hacked ;-( ...
Register
11
theprof
Re: My website has been hacked ;-( ...

  • 2004/8/11 12:26

  • theprof

  • Quite a regular

  • Posts: 225

  • Since: 2004/7/14


peter, so the 644 works with XOOPS? all the modules and files will work properly?

If so, I have alot of work to be done....in changing permissions....

but I want to make sure that my modules and website will work properly before I do this..

12
peterr
Re: My website has been hacked ;-( ...

  • 2004/8/11 12:44

  • peterr

  • Just can't stay away

  • Posts: 518

  • Since: 2004/8/5 9


Hi,

Well, my XOOPS website has only been up for 5 days, but I have used most of the functions in admin, added links, changed templates, themes, done a fair bit with config. changes, and added various blocks of code (html wrapped in the necessary PHP code), changed meus, added menu blocks in manually.

So, as far as I know, this all works fine. The 644 is default permission on most servers, and even the previous hosts I was with, I used 644's for any PHP applications, osCommerce, Drupal, Mambo, phpwebsite and a few others.

Most FTP clients let you select all the files in a path, and then you can do a mass permissions change. If you are concerned, possibly try and change all the files that reside ina particular module first, try that module, and then if that works without errors, continue to change/test other paths.

Peter
13
theprof
Re: My website has been hacked ;-( ...

  • 2004/8/11 14:32

  • theprof

  • Quite a regular

  • Posts: 225

  • Since: 2004/7/14


Question,

Does the MAIN folder for i.e. (Donations) OR (newbb) have to be chmod to 644, or just the files in it?

Cause I am noting everytime I try the 644 on my folders....it is casuing my index pages not to show...only shows when I have read/execute, I just tried the read only....the module page will not appear....

prof
14
jmass
Re: My website has been hacked ;-( ...

  • 2004/8/11 17:33

  • jmass

  • Friend of XOOPS

  • Posts: 524

  • Since: 2003/12/18


Folders need execute the files need 644. Anyone who tells you to chmod anything to 777 is WRONG. And you should be hacked for listening to him

JMass
15
Dave_L
Re: My website has been hacked ;-( ...

  • 2004/8/11 17:54

  • Dave_L

  • XOOPS is my life!

  • Posts: 2277

  • Since: 2003/11/7


For server accounts that run "nobody", directories should typically be 755 and files should be 644.

Exceptions:
mainfile.php needs to be 444 (read-only) after installation.
The cache, templates_c and upload directories need to be 777 (writable), so that the script can add files to those directories.

If your server account runs as the same user who owns the files (using suExec, running as CGI, etc.), the permissions can be more restrictive (700 instead of 755 or 777, 600 instead of 644, 400 instead of 444).

The above applies to Linux servers only. Windows uses a different permission mechanism.
16
theprof
Re: My website has been hacked ;-( ...

  • 2004/8/11 19:41

  • theprof

  • Quite a regular

  • Posts: 225

  • Since: 2004/7/14


Good stuff dave, thats why I love XOOPS....this community is VERY helpful....

I have actually checked my cache settings as they were..I was running 774, and it has been working .....so I guess I keep it there

prof!
17
peterr
Re: My website has been hacked ;-( ...

  • 2004/8/12 0:53

  • peterr

  • Just can't stay away

  • Posts: 518

  • Since: 2004/8/5 9


Hi,

Those permissions that Dave quoted for folders and files are spot on.

Quote:

theprof wrote:
I have actually checked my cache settings as they were..I was running 774, and it has been working .....so I guess I keep it there


As a general rule of thumb, yes, if it works on a lower CMOD, then by all means leave it as is.

Peter
18
MadFish
Re: My website has been hacked ;-( ...

  • 2004/8/12 4:04

  • MadFish

  • Friend of XOOPS

  • Posts: 1056

  • Since: 2003/9/27


Has anyone ever put together a faq or checklist on 'how to secure your XOOPS site' ?

There are a huge number of bits and pieces scattered through the forums and I make changes as I come across them, but at the same time its hard to know if have overlooked something, or could have done something better.

Thanks
« 1 (2)

Login

Register now!  |  Lost Password?

Search

Advanced Search

Recent Posts

Who's Online

230 user(s) are online (151 user(s) are browsing Support Forums)

Members: 0

Guests: 230

more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: May 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits