[TYPO3] Fileadmin got hacked
Gilles Deacur
tronno22556 at gmail.com
Mon Jan 23 02:32:15 CET 2006
Elmar Hinz wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
>>>I set it (all 4 folders in question) to 750 and still can see the front
>>>end and back end.
>>
>>>So I uploaded a picture to a fileadmin folder and it went, but the image
>>>is overwritten with "no thumb generated!"
>>
>
> You probably uploaded with FTP using your rights as the user.
> Thumb could not be generated because the server (the group) is not allowed to write.
Interesting point, but I uploaded the pictures just then with the
backend of Typo3.
I notice in fileadmin, some subfolders are "myusername:nobody" and
others are "nobody:nobody".
The subfolder in question that I tested in was a "myusername:nobody" type.
>>
>
>
> Never use 777. Use 770 and you have it, if your server isn't to badly configured.
I used 770 and the thumbs are being generated fine.
So, 770 gives owner and group full permissions, but should stop people
from hijacking my folder, correct? I mean, without knowing my personal
password and stuff.
>
> Regards
>
> Elmar
>
>
> - --
> Climate change 2006 is killing people: floods in California, drought and fires
> in Australia, Texas, Sahel, Oklahoma, South Africa. The Bush administration is
> responsible for corruption of the Kyoto Protocol. The US majority is responsible
> to the world for reelection of a convictable [...censored by Echelon...].
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.1 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
>
> iD4DBQFD1CrrO976RNoy/18RAgVYAJdzTo4cYSe9M90AuZkgzi4v+VDQAKCDMb92
> +BQzJlOg/OwPb+/MPcddAQ==
> =LCfE
> -----END PGP SIGNATURE-----
More information about the TYPO3-english
mailing list