There's no such thing as a stupid question, but they're the easiest to answer.
JoinTour
Login
Search
Web Design & Development
Go to first new post Where does one start?
Go to first new post JavaScript help
Go to first new post HTML Mailers
Go to first new post No image available - default image displ ...
Go to first new post Need help with Dreamweaver CS4
Go to first new post Solved: IE8 Won't Display .gif Images On ...
Go to first new post Solved: Php and mySql
Go to first new post Displaying jpg images in PHP
Tag Cloud
access acer asus bios bsod computer crash dns drive driver drivers error ethernet excel freeze games gaming graphics hard drive hardware hdmi internet java laptop malware memory monitor motherboard network printer problem ram random registry router slow software sound trojan usb video virus vista wifi windows windows 7 windows 7 32 bit windows 7 64 bit windows xp wireless
Search
Search for:
Tech Support Guy Forums > Internet & Networking > Web Design & Development >
Our website got hacked. And I'm confused.

Reply  
Thread Tools
vidyaishaya's Avatar
Member with 80 posts.
  
Join Date: Oct 2001
06-Nov-2009, 07:27 PM #1
Question Our website got hacked. And I'm confused.
We had a hacker putting stuff in some folders
because they had 777 permissions.

I was able to find and remove all that stuff.
And I reset file and folder permissions.

I researched that files should be 644 and folders should be 755.

Which is what I did.

But now, I am getting error messages when my program attempts
to write to a file on the server. I have an empty folder called 'logs'

It's permissions are set to 755.

I have a program that attempts to create a file in there
by opening the file (in PHP) as "w" (writable)

But it gets kicked out with an error message:
Warning: fopen(logs/editors_list.txt) [function.fopen]: failed to open stream: Permission denied

Huh? Since the folder is set at read/write/execute for the owner, and read/execute for the group and other, why doesn't this work?

I am sorely confused.

Thanks

....Burton Smith
__________________
__________________________________
Editor/Publisher of Web Wise News
http://www.webwisesage.com
Register for free to hide this ad!
maneetpuri's Avatar
Member with 124 posts.
  
Join Date: Oct 2008
07-Nov-2009, 09:03 AM #2
Hi,

You would need to have 777 permissions on the folder in which you want the scripts to be write the text or upload files. So do this and ask your hosting people to block all unwanted ports on your server so that the hackers can not get in and make sure that there is a system to identify that only authentic people get the access to the script for uploading files. And in the uploading script put checks on which all extension files can be uploaded on the server through these scripts.

Hope this helps,

Cheers,

~Maneet
vidyaishaya's Avatar
Member with 80 posts.
  
Join Date: Oct 2001
07-Nov-2009, 03:38 PM #3
Thanks, but...
The whole reason the hacker got in, in the first place, was that the folder permissions were 777.

I find it hard to believe that our webhost hadn't blocked all unwanted ports on our server. They're pretty good about this.

It wasn't through any of my scripts that the stuff was put there. It was definitely just put there because the folder permissions were 777.

So it sounds like what you saying is that our webhost hadn't blocked all unwanted ports on our server. This seems to be the only conclusion.

Thanks

....Burton
__________________
__________________________________
Editor/Publisher of Web Wise News
http://www.webwisesage.com
maneetpuri's Avatar
Member with 124 posts.
  
Join Date: Oct 2008
09-Nov-2009, 07:42 AM #4
Could be, and are you sure that on your website there is no option for users to upload some files etc?
vidyaishaya's Avatar
Member with 80 posts.
  
Join Date: Oct 2001
09-Nov-2009, 02:16 PM #5
Thanks
Thanks for your help. But we found the solution.

Turns out that the site in question was running PHP4, but when we changed it to run PHP5,
everything worked.

Yeah, I know that doesn't make sense, but obviously the webhost settings in PHP5 were different than in PHP4.

...Burton
__________________
__________________________________
Editor/Publisher of Web Wise News
http://www.webwisesage.com
Email This Email  Print This Print  Tweet This Send to Facebook Send to MySpace Send to StumbleUpon Digg This | More Services More
Reply

THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!

« Previous Thread | Web Design & Development | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
WELCOME TO TECH SUPPORT GUY! Are you looking for the solution to your computer problem? Join our site today to ask your question -- for free! Our site is run completely by volunteers who want to help you solve your computer problems. See our Welcome Guide to get started.
Thread Tools



Facebook Facebook Twitter Twitter TechGuy.tv TechGuy.tv Mobile TSG Mobile
Contact Us - HelpOnThe.Net - Archive - Terms of Service - Top
You Are Using:
Server ID
Advertisements do not imply our endorsement of that product or service.
All times are GMT -4. The time now is 01:25 PM.
Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved.

 Powered by Cermak Technologies, Inc.