[TYPO3] hacking / file permissions
Ries van Twisk
typo3 at rvt.dds.nl
Wed Jun 6 02:45:05 CEST 2007
hey Tracey,
you need to check how and what happens really closly.
Then you can possibly track back how you are getting hacked.
In any case, one advice is to NEVER set a file
to world writable. Ask your webhoster what the proper
permissions are for your user and group that runs
your server under. He should know, if he doesn't know
then find a a hoster that does know. But never make a
directory or file world writable.
Ries
On Jun 5, 2007, at 7:18 PM, Tracey Hummel wrote:
>
> I have a couple of typo3 sites on hostrockets.com that get hacked
> almost
> weekly. I've implemented as many of the security suggestions as
> possible
> in Security Cookbook at: http://typo3.org/teams/security/
>
> I tried setting all subdirectories to non-world writable even
> though this
> disables image and file uploads.
>
> Is there a list somewhere showing the necessary permissions for each
> subdirectory and that shows which files need to be world writable?
>
> Thank you,
> Tracey
>
>
> _______________________________________________
> TYPO3-english mailing list
> TYPO3-english at lists.netfielders.de
> http://lists.netfielders.de/cgi-bin/mailman/listinfo/typo3-english
--
Ries van Twisk
Freelance Typo3 Developer
email: ries at vantwisk.nl
web: http://www.rvantwisk.nl/
skype: callto://r.vantwisk
More information about the TYPO3-english
mailing list