February 16th, 2006, 12:07 PM   #10
BigDaddy
Re: Exploited or hacked?

Awesome, thanks for the heads up as well as the solution, Dave. I have found myself in the same issue once.
__________________
"Your heart will always make itself known through your words."

http://www.codedfuture.com
A not-for-profit bringing the world to needy kids and families.
See how you can help.
February 16th, 2006, 12:12 PM   #11
David
Re: Exploited or hacked?

Quote:
Originally Posted by davotoula
I have now carefully gone through all of my directories and files and have made sure that:

no foreign .htaccess files
no 777 directories
no 777 files
checked all my own php/html files for foreign blocks of code
rebuilt all dynamically generated content (from CMS)

Especially 777 directories seem to be dangerous so I recommend you to chmod them to 755 to stay safe.

My Movable Type installation seemed to be creating 777 directories by default so I had to change a config file to force it to create directories with 755 and files with 644.

It should also be known that not all scripts will work with 755 and need 777 to run, in particular those that allow avatar and image uploading.
__________________
Quote:
Originally Posted by removed
Internet Explorer rules.
February 16th, 2006, 12:40 PM   #12
h20ho
Re: Exploited or hacked?

Thanks for the Follow up David!

Anyone using Xoops, please read the following docs and be aware that your mainfile is readable by the world if it is chmod 444 or 644, so change it to 404 or, even better, remove sensitive data from it.

chmod 707 your cache, uploads and templates dirs.
Check your public_html and make sure it's 705, or if you can't, then 404 your files.
Drop .htaccess files in your directories
Turn off directory browsing
Change your table prefixes (protector module helps do this easily)

Your site is never safe but you can do a lot to make it not worth taking the time to be hacked!... have fun as usual and back up often

http://xoops-tips.com/news-article.s...-81-page-0.htm
http://xoops-tips.com/xoopsfiles/Xoo...rity-Guide.pdf
http://xoops-tips.com/xoopsfiles/chmod.pdf
__________________
______________
Pass49
http://teothai.com
February 16th, 2006, 12:43 PM   #13
davotoula
Re: Exploited or hacked?

Good remark!

If a script needs to write to a directory then the directory has to be 777 in some cases.

My own MoweCam application requires this so I still have one 777 directory left.

I started with the most restrictive CHMOD settings and was loosening them up until the application started working again.

Regarding scripts:

I don't see any reason to mark script files as 777 as this makes them vulnerable to injection of malicious code. 755 at most should be sufficient.

If you have some funky scripts that update other scripts while being executed then I guess 777 may be necessary but then you will also be vulnerable when an evil script scans a compromised server for writable files to infect :-(
__________________
David Kaspar | SH60

Last edited by davotoula; February 16th, 2006 at 12:45 PM..
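
The checks listed in the posts above (no 777 directories or files, every .htaccess reviewed, only the directories a script really writes to left open) as a script you can run over your own web root. This is an added example, not code from the thread; the web-root path and the allowlist file are assumptions.

```shell
#!/bin/sh
# Added example: audit a web root against the checklist from this thread.
# The web-root path and the allowlist file are assumptions for illustration.

# Print world-writable entries of one type under $1 ($2: d = directory, f = file).
# -perm -0002 matches any mode with the "other write" bit set: 777, 707, 666, ...
world_writable() {
    find "$1" -type "$2" -perm -0002 -print | sort
}

# Print every .htaccess file so each can be compared with the ones you created.
htaccess_files() {
    find "$1" -type f -name .htaccess -print | sort
}

# Remove group/other write from world-writable entries under $1, so 777 becomes
# 755 and 666 becomes 644 while execute bits on scripts are kept. Paths listed
# one per line in the allowlist file $2 (must exist, may be empty) are left
# alone, e.g. an upload directory that a script has to write to.
tighten() {
    find "$1" \( -type d -o -type f \) -perm -0002 -print |
        grep -vxF -f "$2" |
        while IFS= read -r p; do chmod go-w "$p"; done
}

# Report only; changes nothing.
audit() {
    echo "== world-writable directories"; world_writable "$1" d
    echo "== world-writable files";       world_writable "$1" f
    echo "== .htaccess files to review";  htaccess_files "$1"
}

# Run the report when a web root is given: sh audit.sh ~/public_html
if [ "$#" -gt 0 ]; then audit "$1"; fi
```

Review the `audit` output first; `tighten` only changes entries that are still world-writable and not on the allowlist.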