Security & File Permission Help

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Security & File Permission Help

    Hi
    I've received the following from my site host and I'm not sure how to implement the changes, could someone please advise me how to do this please?

    "As part of your service, Easyspace regularly scans our webservers for potential threats and security concerns. Unfortunately in our most recent scan, we have identified some files and folders which have permissions set which could pose a security risk to your website, including but not limited to site defacement.

    It could be that things have been set this way on purpose, quite often software vendors require that 777 or 775 permissions are setup on particular folders in order for the software install to function correctly. Examples of software which require this are; Actinic shops; CMS like Xoops, Mambo / Joomla and Wordpress; file upload scripts; message boards like phpBB and guest books.

    We have recently implemented security changes which now mean that all scripts, CGI, PHP etc. hosted on these systems no longer need these additional permissions. All of your scripts should run just fine with the default permissions when you upload them.

    When files are uploaded to the webspace via an ftp client, the permissions will no longer need to be changed from the default 644 for your applications to work. Further to this however, sometimes the application may create a session cookie with 777 or 775 permissions, we would ask that you either alter the application code to prevent the files being created with these permissions or move the content out of the web accessible space. You may wish to contact your web developer or application provider for help with this.

    We have identified the following files / folders within your webspace which are set to World and Group-Writeable and would ask that you update the permissions on these files appropriately:

    /www/acatalog/error.err

    Usually you can recursively change the permissions on a folder via your ftp client, this will allow the files within the folder to inherit the folder permissions preventing you from having to manually alter the permissions for every individual file.


    Any advice would be greatly appreciated.
    Julie
    www.toys-to-you.co.uk

    #2
    Julie


    Your site has been attacked. Please contact Actinic Support ASAP. Both Google and Firefox are reporting this.



      #3
      Your site has been attacked. Please contact Actinic Support ASAP.
      The site isn't hosted by Actinic, it probably hasn't got anything to do with Actinic software. More than likely it's a local vulnerability.

      Best to take the live site down right now, clear out your hosting space and put up a holding page as it may take a day or so to clear your pc.

      Run virus checks, malware/spyware checks on your PC - make absolutely sure your PC is clean then do a purge/refresh.

      There are plenty of posts from others who have experienced the same thing recently.



        #4
        I know that the site has been attacked but according to Google today it is now clear.
        What I need to know is how to change these file permissions as specified by Easyspace as one way to prevent another attack.
        Thanks.
        Julie



          #5
          The file permissions are required in order for actinic to run correctly, not a lot if anything you can do about that AFAIK.



            #6
            Originally posted by toystoyou

            /www/acatalog/error.err


            Any advice would be greatly appreciated.
            Julie
            www.toys-to-you.co.uk
            Hi Julie

            That particular file that they have identified should work OK with the change they recommend, which removes executable permissions from the file; as it is an error reporting file it has no need to be executable. Usually you will have some form of control panel from which you can access your web site to carry out these types of changes, however I do not know the host involved but I should think a call to their help desk would elicit the information you need.

            Actinic support should be able to confirm that changing the permissions is OK, try the free email support (from their web site) if you do not have a support contract.

            Malcolm

            SellerDeck Accredited Partner,
            SellerDeck 2016 Extensions, and
            Custom Packages



              #7
              Originally posted by toystoyou
              I know that the site has been attacked but according to Google today it is now clear.
              What I need to know is how to change these file permissions as specified by Easyspace as one way to prevent another attack.
              Thanks.
              Julie
              This is not strictly true, judging by the recent experience of other community members whose sites had been similarly attacked the vulnerability was on their PC.

              You should first ask Easyspace if it's a serverwide hack or a site hack. If it's a site hack you should follow my advice in my previous post.



                #8
                Thanks everyone for your help.
                Jo - I've run a virus check on my PC, spyware check, malware check, etc. and it comes up totally clean. I've done this several times recently and it's continually coming up clean.
                So as you advised I'll go to Easyspace and check with them if it's a serverwide hack or not.
                Many thanks everyone.
                Julie
                www.toys-to-you.co.uk



                  #9
                  I have now had my second confirmation from Google that my site is clean - thank god!
                  I contacted Easyspace and they claim it must be down to the file permissions. Could this be, given that the only page they say is a problem is an error page?
                  Julie



                    #10
                    If Google have confirmed the site is clean, it's still showing as attacked in FF and IE http://safebrowsing.clients.google.c...-to-you.co.uk/
                    Reusable Snore Earplugs : Sample Earplugs - Wax Earplugs - Women's Earplugs - Children's Earplugs - Music Earplugs - Sleep Masks



                      #11
                      it would seem that www.toys-to-you.co.uk is clean as confirmed by google, but www.toys-to-you.co.uk/acatalog has got 5 pages that are downloading malware as of 2/10/09 according to google.
                      Would it be ok for me to remove the infected pages and replace them and reupload the site or is that just me being hopeful of a simple solution?
                      Julie



                        #12
                        Originally posted by pinbrook
                        Best to take the live site down right now, clear out your hosting space and put up a holding page as it may take a day or so to clear your pc.

                        Run virus checks, malware/spyware checks on your PC - make absolutely sure your PC is clean then do a purge/refresh.

                        There are plenty of posts from others who have experienced the same thing recently.
                        The advice I gave several days ago still stands....



                          #13
                          Please clarify file permissions

                          I am aware that the online folder or "acatalog" should have the (777) - drwxrwxrwx permissions. And the cgi-bin folder should be the one with (755) - drwxr-xr-x

                          However what about the files inside those folders? Inside my acatalog folder for example I can see files with 644 permissions, others with 200 permissions.

                          When Actinic uploads files to the server (Linux in this case) do they end up with the permissions that Actinic wants them to have, or can the server have been configured so that it changes the permissions of files that are uploaded?

                          Hendrik

                          My copy of Linux for Dummies is winging its way here from Amazon, as I type this

                          Comment
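
Added example (not part of the original thread, and not Easyspace's or Actinic's code): a Python audit for the group- and world-writable entries the host's scan describes, which also shows each mode in both the octal and the `rwx` form asked about above. The `acatalog` tree, file names and modes built in `demo()` are constructed sample data, and `audit`, `tighten_files` and `demo` are names chosen for this example.

```python
import os
import stat
import tempfile

RISKY = stat.S_IWGRP | stat.S_IWOTH  # 0o022: the group-write and world-write bits


def audit(root):
    """Return (path, octal, symbolic) for every entry under root that is group- or world-writable."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: never follow a symlink out of the tree
            mode = stat.S_IMODE(st.st_mode)
            if not stat.S_ISLNK(st.st_mode) and mode & RISKY:
                findings.append((path, format(mode, "03o"), stat.filemode(st.st_mode)))
    return sorted(findings)


def tighten_files(root):
    """Clear group/world write on regular files only (777 -> 755, 666 -> 644); directories are left alone."""
    changed = []
    for path, _, _ in audit(root):
        st = os.lstat(path)
        if stat.S_ISREG(st.st_mode):
            new_mode = stat.S_IMODE(st.st_mode) & ~RISKY  # keeps owner bits and any execute bits
            os.chmod(path, new_mode)
            changed.append((path, format(new_mode, "03o")))
    return changed


def demo():
    """Build a constructed webspace in a temp dir, then audit it, fix the files and audit again."""
    with tempfile.TemporaryDirectory() as root:
        shop = os.path.join(root, "acatalog")
        os.mkdir(shop)
        for name, mode in (("error.err", 0o777), ("index.html", 0o644), ("session.dat", 0o666)):
            path = os.path.join(shop, name)
            with open(path, "w") as f:
                f.write("constructed sample\n")
            os.chmod(path, mode)
        os.chmod(shop, 0o777)  # the folder mode the thread says Actinic expects
        before = [(os.path.relpath(p, root), o, s) for p, o, s in audit(root)]
        fixed = [(os.path.relpath(p, root), o) for p, o in tighten_files(root)]
        after = [(os.path.relpath(p, root), o, s) for p, o, s in audit(root)]
    return before, fixed, after
```

Directories are reported but not changed, because whether Actinic still needs 777 on `acatalog` is a question the thread leaves open.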


                            #14
                            Hi - did you resolve this problem? One of our customers just pointed out that their email address (along with thousands of others) were up there in the public domain, in that error file. I want to make the file private but can't seem to do that with my ftp software....

                            cheers

                            Nick
