[TYPO3] Fileadmin got hacked
Gilles Deacur
tronno22556 at gmail.com
Sun Jan 22 23:16:31 CET 2006
Dmitry Dulepov wrote:
> Hi!
>
> Gilles Deacur wrote:
>
>>That's what the prob was. Somewhere along the line it was set at 777
>>for all those files.
>>
>>However, I now changed it to 664. They are set for "myusername nobody".
>>
>>All other directories are set to "myusername myusername" and I can enter
>>them with my FTP client, but cannot get into those 4 directories with my
>>FTP client.
>>
>>Also, my Typo3 backend won't load now. (Or frontend.) I get this:
>>
>>/abc/def/ghi/typo3conf/localconf.php is not found!
>
>
> It looks like web server does NOT run as nobody. Seems like this is a reason why
> permissions were set to 777. Does it work if you change permissions back to 777?
>
If I set them all to 777, it all works good.
If I set them all to 776, it still appears fine.
If I set them all to 766, it breaks.
If I set them all to 774, it works.
If I set them all to 754, it works.
If I set them all to 755, it works.
When I say it works, I mean that it displays in the front end.
Right now, I set these to 755 and they are set at myusername:nobody .
Is this safe?
I ask because I had it set at 777 before and want to make sure I don't
get leeches sucking up my bandwidth again with illegal paypal crud.
If it isn't safe, what do I need to do? And what do I need to get my
host to do?
>
>>I don't have access to chmod, so any username changes have to be done by
>>my host.
>
>
> So, you need to ask them to do this:
> chown -R yourusername:webservergroupname /abc/def/ghi
>
> Than you can set permissions as I posted earler.
>
>
>>Yesterday I had my host erase the fileadmin folder and install an old
>>version, and I'm sure the chmod and chown wasn't copied.
>
>
> Depends on their backup method.
>
> Dmitry.
More information about the TYPO3-english
mailing list