Web Hosting Talk : Web Hosting Main Forums : Hosting Security and Technology : joomla website permission

[mustafa abdo]

hi i have a reseller with some company most of my client use joomla as a portal for there website
for 2 week now i get hack from a team they start site per site
all they make change index code no more all i made i re upload the index
i contact with the support team in hosting company and they help me sometime and in other case they say i have error in permission i make all folder with 755 and file with 644
now i get yesterday a new hack " index code change "
1- did there is a permission more secured ?
2- the hacker say on there code they hack from server but the support say no what i can do
3- did there an Enterprise security i can contact with him to Complaint the hacker " they use vb forum to teach people how they can hack
sorry if my English is not good
regards

[fabin]

You also have to ensure the ownership of the files/folders is the account user. If the server is suphp you are more secure. Most probably it might be using Apache mod_php module.

The index files can also be uploaded using leaked FTP password.

[mustafa abdo]

how i can know the server is server is suphp
if there is a way i can Prevention uploaded index file from other except me or the owner of hosting no more

[maksfs]

are you using ckforms on the joomla site? or any of them? Mine were recently hacked via that method. the ckforms 1.3.4 and older are vulnerable to sql injection.

[PogiWeb]

If your securing your folders and php files with 755 and 644 your doing everything right. I would make sure that your running the latest version of joomla and find out more information of how the index file is being changed. This information should be able to be retrieved from your support team. The other thing you want to make sure you do is change your passwords!

[fabin]

Quote:

If your securing your folders and php files with 755 and 644 your doing everything right.

The other accounts in the server can read the config.php in this case. This way they get the database connection settings.

Quote:

how i can know the server is server is suphp

You need to ask your host about it. If the server is suphp, the folder can be 755, html files can be 644 and php files can be set to 640. This way config.php cannot be read by other users in the server.

[madaboutlinux]

Quote:

Originally Posted by mustafa abdo

how i can know the server is server is suphp

Create a test php file and set the permissions to 777 and browse the file. If you are able to browse the file, the server isn't SuPHP enabled.

Quote:

Originally Posted by mustafa abdo

if there is a way i can Prevention uploaded index file from other except me or the owner of hosting no more

There are lots of things you need to look at, say, password of your account, directory permissions, injected files under your account, compromised server etc

If you have changed the password and directory/file permissions are all correct, it's mostly the server is compromised and the hackers can easily replace the index files of all the accounts whenever they wish to.

The only people who can help you out and make proper changes is your hosting provider as they have more than enough access to the server to check everything. Server wide changes helps to solve such issues more quickly than account wide changes.

[brianoz]

just a little postscript:

while get suphp or similar on the server is a great help to security, it isn't everything.