[TYPO3] Fileadmin got hacked
Elmar Hinz
elmar.DOT.hinz at team.MINUS.red.DOT.net
Sun Jan 22 23:45:10 CET 2006
> If I set them all to 777, it all works good.
>
> If I set them all to 776, it still appears fine.
>
> If I set them all to 774, it works.
>
> If I set them all to 754, it works.
>
> If I set them all to 755, it works.
>
In all these cases the group (your server) can change into the directory.
> If I set them all to 766, it breaks.
>
Here it cannot change into the directory. (Even number for group.)
> When I say it works, I mean that it displays in the front end.
>
> Right now, I set these to 755 and they are set at myusername:nobody .
>
> Is this safe?
755 is secure. 750 would be more secure. But with both you can't write to the
fileadmin by the BE.
With 775 or 770 you could write. This is also secure, if the server has a good
configuration. BUT if the server is itself badly configured it may be in these
cases that other users on the same server can write into your directory by using
the server.
>
> I ask because I had it set at 777 before and want to make sure I don't
> get leeches sucking up my bandwidth again with illegal paypal crud.
>
With 777 everybody can write into your directory. That is definitely NOT secure.
Regards
Elmar
--
Climate change 2006 is killing people: floods in California, drought and fires
in Australia, Texas, Sahel, Oklahoma, South Africa. The Bush administration is
responsible for corruption of the Kyoto Protocol. The US majority is responsible
to the world for reelection of a convictable [...censored by Echelon...].
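The permission cases from this thread as a small audit script. This is an added example, not part of the original message; it assumes, as in the thread, that the web server reaches the directories through the group bits (myusername:nobody), and the directory names in the constructed tree are hypothetical.

```python
import os
import stat
import tempfile


def assess(mode):
    """Judge a directory mode as the web server (the group) sees it."""
    perm = stat.S_IMODE(mode)
    findings = []
    if perm & stat.S_IWOTH:
        findings.append("world-writable")      # e.g. 777: everybody can write
    if not perm & stat.S_IXGRP:
        findings.append("group-cannot-enter")  # e.g. 766: server cannot cd in
    if perm & stat.S_IWGRP:
        findings.append("group-writable")      # e.g. 775/770: BE can write
    return findings


def audit(root):
    """Walk root and return {relative path: findings} for flagged directories."""
    report = {}
    for dirpath, _dirs, _files in os.walk(root):
        # lstat: judge the directory itself, never a symlink target
        findings = assess(os.lstat(dirpath).st_mode)
        if findings:
            report[os.path.relpath(dirpath, root)] = findings
    return report


def demo():
    """Constructed tree using modes from the thread; names are hypothetical."""
    layout = {"": 0o755, "user_upload": 0o777, "templates": 0o766, "shared": 0o775}
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "fileadmin")
        for name, mode in layout.items():
            path = os.path.join(root, name)
            os.makedirs(path, exist_ok=True)
            os.chmod(path, mode)  # chmod is not affected by the umask
        return audit(root)


if __name__ == "__main__":
    for path, findings in sorted(demo().items()):
        print(path, ", ".join(findings))
```

A "group-writable" finding is not a defect by itself: it is the 775/770 case, which is only as safe as the server configuration behind it.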