11
ghia
Re: XOOPSdemos close your site !
  • 2009/1/7 0:29

  • ghia

  • Community Support Member

  • Posts: 4953

  • Since: 2008/7/3 1


Quote:
That is really not necessary in a linux/unix environment, because You can protect the directory's other ways. In Microsoft ISS I think it's necessary.

No, both types of servers can be configurated to deny directory listings. The index.html files are provided for the case, it is not or can't be configured by the webmaster.

12
anderssk
Re: XOOPSdemos close your site !
  • 2009/1/7 6:59

  • anderssk

  • Quite a regular

  • Posts: 335

  • Since: 2006/3/21


All right - and thanks for clearing it out

13
webmystar
Re: XOOPSdemos close your site !
  • 2009/1/9 11:32

  • webmystar

  • Friend of XOOPS

  • Posts: 415

  • Since: 2008/6/23


nice to see your site is online again.

14
lapsa2000
Re: XOOPSdemos close your site !
  • 2009/1/9 21:33

  • lapsa2000

  • Quite a regular

  • Posts: 247

  • Since: 2006/10/27


After being hacked page, 3 days where he was hosting hacked too, received no news but I assume that the hack of the site, also be hosting the hack.

It was on line because the hosting upload a back up the entire system and there was, but the site is now closed. I do not know how to follow, for security problems.


Greetings!
Persevera...y seguiras
Perseverando !!!

15
vamptrix
Re: XOOPSdemos close your site !
  • 2009/1/9 21:42

  • vamptrix

  • Theme Designer

  • Posts: 424

  • Since: 2008/5/3 1


Are you able to remove all permissons on all modules or disallow any write attempt?
I used to use this account, but no longer.

16
lapsa2000
Re: XOOPSdemos close your site !
  • 2009/1/9 21:45

  • lapsa2000

  • Quite a regular

  • Posts: 247

  • Since: 2006/10/27


Quote:

vamptrix wrote:
Are you able to remove all permissons on all modules or disallow any write attempt?


yes,I am the site administrator and I can set these permissions, why you ask?
Persevera...y seguiras
Perseverando !!!

17
vamptrix
Re: XOOPSdemos close your site !
  • 2009/1/9 22:57

  • vamptrix

  • Theme Designer

  • Posts: 424

  • Since: 2008/5/3 1


Because that way, you can disallow write access for most files that don't need it, and secure your site even more.
I used to use this account, but no longer.

18
ghia
Re: XOOPSdemos close your site !
  • 2009/1/10 1:37

  • ghia

  • Community Support Member

  • Posts: 4953

  • Since: 2008/7/3 1


Install Protector with xoops_lib and xoops_data outside the root.
Remove modules with known exploits as contenuedo, spaw editor, etc.
Find in your log files (Apache, Protector) the hack vector and remove that module. Mosttimes the requested URL contains a second http:// reference to another, external site.

19
trabis
Re: XOOPSdemos close your site !
  • 2009/1/10 9:13

  • trabis

  • Core Developer

  • Posts: 2269

  • Since: 2006/9/1 1


Quote:

lapsa2000 wrote:
After being hacked page, 3 days where he was hosting hacked too, received no news but I assume that the hack of the site, also be hosting the hack.

It was on line because the hosting upload a back up the entire system and there was, but the site is now closed. I do not know how to follow, for security problems.


Greetings!


Lapsa said that he thinks the host was hacked and that his site suffered with it. True is, that I could not find the malicious script and that in every page loading, the script was in action. I think this is plausible.

I could not find a way (using ftp) to change folder permissions, they are all set to 666 by default. Could not find my way to change folder permissions using plex control either.

20
ghia
Re: XOOPSdemos close your site !
  • 2009/1/10 9:33

  • ghia

  • Community Support Member

  • Posts: 4953

  • Since: 2008/7/3 1


Seems he can use a better hoster too!

Login

Who's Online

55 user(s) are online (29 user(s) are browsing Support Forums)


Members: 0


Guests: 55


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Aug 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits