[TYPO3] Fileadmin got hacked
Heiner Lamprecht
heiner at heiner-lamprecht.net
Sun Jan 22 21:00:17 CET 2006
Hi,
On Sunday 22 January 2006 20:24, Dmitry Dulepov wrote:
>
> Gilles Deacur wrote:
> > That's what the prob was. Somewhere along the line it was set
> > at 777 for all those files.
> >
> > However, I now changed it to 664. They are set for "myusername
> > nobody".
> >
> > All other directories are set to "myusername myusername" and I
> > can enter them with my FTP client, but cannot get into those 4
> > directories with my FTP client.
> >
> > Also, my Typo3 backend won't load now. (Or frontend.) I get
> > this:
> >
> > /abc/def/ghi/typo3conf/localconf.php is not found!
>
> It looks like web server does NOT run as nobody. Seems like this
> is a reason why permissions were set to 777. Does it work if you
> change permissions back to 777?
I would _strongly_ recommend 755. There is no reason to enable
writing for the directories. But "executable" means, processes are
allowed to open the directory and cd into it.
Heiner
--
heiner at heiner-lamprecht dot net GnuPG - Key: 9859E373
Fingerprint: 3770 7947 F917 94EF 8717 BADB 0139 7554 9859 E373
More information about the TYPO3-english
mailing list