Results 1 to 8 of 8
  1. #1
    Join Date
    Sep 2008
    Posts
    44

    * joomla website permission

    hi i have a reseller with some company most of my client use joomla as a portal for there website
    for 2 week now i get hack from a team they start site per site
    all they make change index code no more all i made i re upload the index
    i contact with the support team in hosting company and they help me sometime and in other case they say i have error in permission i make all folder with 755 and file with 644
    now i get yesterday a new hack " index code change "
    1- did there is a permission more secured ?
    2- the hacker say on there code they hack from server but the support say no what i can do
    3- did there an Enterprise security i can contact with him to Complaint the hacker " they use vb forum to teach people how they can hack
    sorry if my English is not good
    regards

  2. #2
    Join Date
    Mar 2009
    Location
    Gods Own Country
    Posts
    681
    You also have to ensure the ownership of the files/folders is the account user. If the server is suphp you are more secure. Most probably it might be using Apache mod_php module.

    The index files can also be uploaded using leaked FTP password.
    Fabin Mundattil @ Xieles Support
    High Quality Server Management | support @ xieles.com
    http://xieles.com

  3. #3
    Join Date
    Sep 2008
    Posts
    44
    how i can know the server is server is suphp
    if there is a way i can Prevention uploaded index file from other except me or the owner of hosting no more

  4. #4
    Join Date
    Dec 2010
    Posts
    35
    are you using ckforms on the joomla site? or any of them? Mine were recently hacked via that method. the ckforms 1.3.4 and older are vulnerable to sql injection.

  5. #5
    Join Date
    Jan 2003
    Location
    U.S.A.
    Posts
    3,911
    If your securing your folders and php files with 755 and 644 your doing everything right. I would make sure that your running the latest version of joomla and find out more information of how the index file is being changed. This information should be able to be retrieved from your support team. The other thing you want to make sure you do is change your passwords!

  6. #6
    Join Date
    Mar 2009
    Location
    Gods Own Country
    Posts
    681
    If your securing your folders and php files with 755 and 644 your doing everything right.
    The other accounts in the server can read the config.php in this case. This way they get the database connection settings.

    how i can know the server is server is suphp
    You need to ask your host about it. If the server is suphp, the folder can be 755, html files can be 644 and php files can be set to 640. This way config.php cannot be read by other users in the server.
    Fabin Mundattil @ Xieles Support
    High Quality Server Management | support @ xieles.com
    http://xieles.com

  7. #7
    Quote Originally Posted by mustafa abdo View Post
    how i can know the server is server is suphp
    Create a test php file and set the permissions to 777 and browse the file. If you are able to browse the file, the server isn't SuPHP enabled.

    Quote Originally Posted by mustafa abdo View Post
    if there is a way i can Prevention uploaded index file from other except me or the owner of hosting no more
    There are lots of things you need to look at, say, password of your account, directory permissions, injected files under your account, compromised server etc

    If you have changed the password and directory/file permissions are all correct, it's mostly the server is compromised and the hackers can easily replace the index files of all the accounts whenever they wish to.

    The only people who can help you out and make proper changes is your hosting provider as they have more than enough access to the server to check everything. Server wide changes helps to solve such issues more quickly than account wide changes.
    | LinuxHostingSupport.net
    | Server Setup | Security | Optimization | Troubleshooting | Server Migration
    | Monthly and Task basis services.
    | MSN : madaboutlinux[at]hotmail.com | Skype : madaboutlinux

  8. #8
    Join Date
    Nov 2004
    Location
    Australia
    Posts
    1,593
    just a little postscript:

    while get suphp or similar on the server is a great help to security, it isn't everything.

  9. Newsletters

    Subscribe Now & Get The WHT Quick Start Guide!

Similar Threads

  1. Joomla install - best way to solve directory permission issues?
    By kreativ in forum Hosting Security and Technology
    Replies: 16
    Last Post: 12-23-2010, 01:56 AM
  2. Joomla Website Development
    By nkdweb in forum Employment / Job Requests
    Replies: 4
    Last Post: 04-12-2010, 09:41 AM
  3. Joomla-nized website!
    By mangosky in forum Web Design and Content
    Replies: 2
    Last Post: 01-12-2008, 12:07 PM
  4. Replies: 9
    Last Post: 09-20-2007, 11:04 AM
  5. Considering a host for Joomla website
    By Willdex in forum Web Hosting
    Replies: 16
    Last Post: 11-05-2006, 12:38 PM

Related Posts from theWHIR.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •