[Typo3] security: close your directories
Steffen Müller
steffen at mail.kommwiss.fu-berlin.de
Sat Oct 1 01:30:05 CEST 2005
Hi.
On 30.09.2005 19:33 stefano cecere wrote:
> after having been hacked in one of my typo3 sites (they got in and
> changed some cached files), i'm giving more than an eyes on security..
>
> i discovered that my (but also some of other websites) typo3temp and
> fileadmin were not "closed" by "Options -Index" or other..
>
1) The fact that your files have been hacked by someone else does _not_
depend on Option -Index. It depends on the file and directory
permissions and if others do have access to your machine.
2a) http://wiki.typo3.org/index.php/Security
2b)
http://typo3.org/documentation/document-library/doc_core_inside/Default_security_inc/
3) This is not a typo3 specific issue. In any case you are serving pages
with Apache, you need to take care of your files.
Since I realized, that I could have hacked hundrets of people within a
few minutes, I'm giving more than an eye on security ;-)
--
cheers,
Steffen
More information about the TYPO3-english
mailing list