hosted by liquidweb


Go Back   Web Hosting Talk : Web Hosting Main Forums : Hosting Security and Technology : joomla website permission
Reply

Forum Jump

joomla website permission

Reply Post New Thread In Hosting Security and Technology Subscription
 
Send news tip View All Posts Thread Tools Search this Thread Display Modes
  #1  
Old 12-22-2010, 04:41 AM
mustafa abdo mustafa abdo is offline
Junior Guru Wannabe
 
Join Date: Sep 2008
Posts: 44
*

joomla website permission


hi i have a reseller with some company most of my client use joomla as a portal for there website
for 2 week now i get hack from a team they start site per site
all they make change index code no more all i made i re upload the index
i contact with the support team in hosting company and they help me sometime and in other case they say i have error in permission i make all folder with 755 and file with 644
now i get yesterday a new hack " index code change "
1- did there is a permission more secured ?
2- the hacker say on there code they hack from server but the support say no what i can do
3- did there an Enterprise security i can contact with him to Complaint the hacker " they use vb forum to teach people how they can hack
sorry if my English is not good
regards



Sponsored Links
  #2  
Old 12-22-2010, 05:08 AM
fabin fabin is offline
Web Hosting Master
 
Join Date: Mar 2009
Location: Gods Own Country
Posts: 660
You also have to ensure the ownership of the files/folders is the account user. If the server is suphp you are more secure. Most probably it might be using Apache mod_php module.

The index files can also be uploaded using leaked FTP password.

__________________
Fabin Mundattil @ Xieles Support
High Quality Server Management | support @ xieles.com
http://xieles.com

  #3  
Old 12-22-2010, 06:03 AM
mustafa abdo mustafa abdo is offline
Junior Guru Wannabe
 
Join Date: Sep 2008
Posts: 44
how i can know the server is server is suphp
if there is a way i can Prevention uploaded index file from other except me or the owner of hosting no more

Sponsored Links
  #4  
Old 12-23-2010, 03:23 AM
maksfs maksfs is offline
Junior Guru Wannabe
 
Join Date: Dec 2010
Posts: 35
are you using ckforms on the joomla site? or any of them? Mine were recently hacked via that method. the ckforms 1.3.4 and older are vulnerable to sql injection.

  #5  
Old 12-23-2010, 04:26 AM
@Matt @Matt is offline
Web Hosting Master
 
Join Date: Jan 2003
Location: U.S.A.
Posts: 3,911
If your securing your folders and php files with 755 and 644 your doing everything right. I would make sure that your running the latest version of joomla and find out more information of how the index file is being changed. This information should be able to be retrieved from your support team. The other thing you want to make sure you do is change your passwords!

  #6  
Old 12-23-2010, 04:38 AM
fabin fabin is offline
Web Hosting Master
 
Join Date: Mar 2009
Location: Gods Own Country
Posts: 660
Quote:
If your securing your folders and php files with 755 and 644 your doing everything right.
The other accounts in the server can read the config.php in this case. This way they get the database connection settings.

Quote:
how i can know the server is server is suphp
You need to ask your host about it. If the server is suphp, the folder can be 755, html files can be 644 and php files can be set to 640. This way config.php cannot be read by other users in the server.

__________________
Fabin Mundattil @ Xieles Support
High Quality Server Management | support @ xieles.com
http://xieles.com

  #7  
Old 12-23-2010, 08:27 AM
madaboutlinux madaboutlinux is offline
Web Hosting Master
 
Join Date: Jul 2009
Posts: 1,543
Quote:
Originally Posted by mustafa abdo View Post
how i can know the server is server is suphp
Create a test php file and set the permissions to 777 and browse the file. If you are able to browse the file, the server isn't SuPHP enabled.

Quote:
Originally Posted by mustafa abdo View Post
if there is a way i can Prevention uploaded index file from other except me or the owner of hosting no more
There are lots of things you need to look at, say, password of your account, directory permissions, injected files under your account, compromised server etc

If you have changed the password and directory/file permissions are all correct, it's mostly the server is compromised and the hackers can easily replace the index files of all the accounts whenever they wish to.

The only people who can help you out and make proper changes is your hosting provider as they have more than enough access to the server to check everything. Server wide changes helps to solve such issues more quickly than account wide changes.

__________________
| LinuxHostingSupport.net
| Server Setup | Security | Optimization | Troubleshooting | Server Migration
| Monthly and Task basis services.
| MSN : madaboutlinux[at]hotmail.com | Skype : madaboutlinux

  #8  
Old 12-24-2010, 08:07 AM
brianoz brianoz is offline
Web Hosting Master
 
Join Date: Nov 2004
Location: Australia
Posts: 1,527
just a little postscript:

while get suphp or similar on the server is a great help to security, it isn't everything.

Reply

Similar Threads
Thread Thread Starter Forum Replies Last Post
Joomla install - best way to solve directory permission issues? kreativ Hosting Security and Technology 16 12-23-2010 01:56 AM
Joomla Website Development nkdweb Employment / Job Requests 4 04-12-2010 09:41 AM
Joomla-nized website! mangosky Web Design and Content 2 01-12-2008 12:07 PM
If you post a link to a newspaper's website - do you need its permission? Host Ghost Web Design and Content 9 09-20-2007 11:04 AM
Considering a host for Joomla website Willdex Web Hosting 16 11-05-2006 12:38 PM

Related posts from TheWhir.com
Title Type Date Posted
Joomla Adds New Encryption Features, Streamlines Interface with Joomla 3.2 Release Web Hosting News 2013-11-06 15:22:58
Joomla Users Urged to Apply Critical Security Patch to Prevent Malware, Phishing Web Hosting News 2013-08-14 10:21:36
Open Source Content Management System Joomla Surpasses 36 Million Downloads Web Hosting News 2012-11-29 16:38:54
Joomla Hosting Study Shows Speed, Uptime Top Selling Points of a Web Host Web Hosting News 2012-11-07 15:06:36
Open Source Content Management System Joomla Releases Mobile-Friendly Joomla 3.0 with Bootstrap Web Hosting News 2012-09-27 15:40:27


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Postbit Selector

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump
Login:
Log in with your username and password
Username:
Password:



Forgot Password?
Advertisement:
Web Hosting News:



 

X

Welcome to WebHostingTalk.com

Create your username to jump into the discussion!

WebHostingTalk.com is the largest, most influentual web hosting community on the Internet. Join us by filling in the form below.


(4 digit year)

Already a member?