[Typo3] server hacked // report.php

Christoph Koehler christoph.koehler at gmail.com
Thu Jul 21 23:38:40 CEST 2005


I wish I had command line access, but I only have FTP. I will see if the
support staff is willing to help me there though.
Thanks for the suggestions!



On Thu, 21 Jul 2005 15:51:16 -0500, Dmitry Dulepov <typo3 at fm-world.ru>  
wrote:

> Hi!
>
> Should be 755 for all typo3 directories except those I mentioned before.
> And file owner should be you, not Apache. You can check it with "ls -al"
> command. For those three directories it is best to set rights
> recursively to 775 and owner information to user:apache, where user is
> your login name. Thus only you can write to typo3 folders and only you
> and Apache can write to fileadmin|uploads|typo3temp folders.
>
> I would actually remove write permission even for user from most of
> typo3 directories since no one should modify core files... Thus your
> installation would be the most secure.
>
> What else can you check? Check that enable_url_fopen is disabled in PHP
> (easy to check with the phpinfo function). This caused many hacked sites
> because it allows an external script to be executed as if it were internal.
>
> Dmitry.
>
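
The permission scheme from the quoted reply, written as a directory audit. This is an added example, not part of either post: the names `audit` and `SHARED_DIRS` are hypothetical, and it assumes it is run on the web host against the TYPO3 document root.

```python
import os
import stat
import sys

# The three directories the reply names as writable by both user and Apache.
SHARED_DIRS = {"fileadmin", "uploads", "typo3temp"}


def audit(root, owner_uid=None, web_gid=None):
    """Return (relative_path, problem) pairs for directories under root.

    owner_uid: expected owner (defaults to the user running the script).
    web_gid:   expected group for the shared directories; None skips the check.
    """
    owner_uid = os.getuid() if owner_uid is None else owner_uid
    findings = []
    for dirpath, _dirs, _files in os.walk(root):  # does not follow symlinks
        rel = os.path.relpath(dirpath, root)
        shared = rel.split(os.sep)[0] in SHARED_DIRS
        allowed = 0o775 if shared else 0o755
        st = os.lstat(dirpath)
        mode = stat.S_IMODE(st.st_mode)
        # Only bits beyond the allowed mask are reported; a stricter mode
        # (e.g. 555 on core directories) passes.
        if mode & ~allowed:
            findings.append((rel, "mode %o exceeds %o" % (mode, allowed)))
        if st.st_uid != owner_uid:
            findings.append((rel, "owner uid %d, expected %d" % (st.st_uid, owner_uid)))
        if shared and web_gid is not None and st.st_gid != web_gid:
            findings.append((rel, "group gid %d, expected %d" % (st.st_gid, web_gid)))
    return findings


if __name__ == "__main__":
    for path, problem in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("%s: %s" % (path, problem))
```

With FTP-only access, the script has to be run by someone who has a shell on the host.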


