[TYPO3] hacking / file permissions

Tracey Hummel tracey at uainfo.arizona.edu
Wed Jun 6 03:59:02 CEST 2007


How does the upload of files from the fileadmin work without 
world-writable subdirectories?

Fantastico installs of typo3 appear to leave everything wide open.

Thank you,
Tracey




On Tue, 5 Jun 2007, Ries van Twisk wrote:

> hey Tracey,
>
> you need to check how and what happens really closely.
> Then you can possibly track back how you are getting hacked.
>
> In any case, one piece of advice is to NEVER set a file
> to world writable. Ask your webhoster what the proper
> permissions are for your user and group that runs
> your server under. He should know, if he doesn't know
> then find a hoster that does know. But never make a
> directory or file world writable.
>
> Ries
>
>
> On Jun 5, 2007, at 7:18 PM, Tracey Hummel wrote:
>
>>
>> I have a couple of typo3 sites on hostrockets.com that get hacked almost
>> weekly.  I've implemented as many of the security suggestions as possible
>> in Security Cookbook at: http://typo3.org/teams/security/
>>
>> I tried setting all subdirectories to non-world writable even though this
>> disables image and file uploads.
>>
>> Is there a list somewhere showing the necessary permissions for each
>> subdirectory and that shows which files need to be world writable?
>>
>> Thank you,
>> Tracey
>>
>>
>> _______________________________________________
>> TYPO3-english mailing list
>> TYPO3-english at lists.netfielders.de
>> http://lists.netfielders.de/cgi-bin/mailman/listinfo/typo3-english
>
> -- 
> Ries van Twisk
> Freelance Typo3 Developer
> email: ries at vantwisk.nl
> web:   http://www.rvantwisk.nl/
> skype: callto://r.vantwisk
>
>
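
The permission question raised in this thread, as an added example that is not part of the original messages: a small audit that lists every world-writable entry under a site root and, separately, the directories the web server account can already write to through owner or group bits alone (which is how uploads to a directory such as fileadmin keep working without o+w). The function names, the command-line form and the account name passed in are assumptions; the account your host runs PHP under has to come from the host.

```python
import os
import stat
import sys

def writable_without_other(st, uid, gids):
    """True if uid/gids may create files in this directory via owner or group bits."""
    mode = stat.S_IMODE(st.st_mode)
    if st.st_uid == uid:                      # owner class applies
        need = stat.S_IWUSR | stat.S_IXUSR
    elif st.st_gid in gids:                   # group class applies
        need = stat.S_IWGRP | stat.S_IXGRP
    else:                                     # only "other" would apply: not counted
        return False
    return mode & need == need

def audit_tree(root, web_uid, web_gids):
    """Return (world_writable, web_writable) path lists for root and everything below it."""
    world_writable, web_writable = [], []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue                      # mode bits on a symlink are not meaningful
            if stat.S_IMODE(st.st_mode) & stat.S_IWOTH:
                world_writable.append(path)   # o+w set: what the thread says to avoid
            if stat.S_ISDIR(st.st_mode) and writable_without_other(st, web_uid, web_gids):
                web_writable.append(path)     # uploads can work here without o+w
    return world_writable, web_writable

if __name__ == "__main__":
    import pwd
    # Assumed usage: python audit_perms.py <site root> <web server account>
    root, user = sys.argv[1], sys.argv[2]
    pw = pwd.getpwnam(user)
    gids = set(os.getgrouplist(user, pw.pw_gid))
    world, web = audit_tree(root, pw.pw_uid, gids)
    for p in world:
        print("WORLD-WRITABLE", p)
    for p in web:
        print("web-writable  ", p)
```

An upload directory that shows up only in the second list needs no world-writable bit; one that shows up in neither list is where uploads will fail until its owner or group is set to the web server account.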