Find your solution!

vidyaishaya · 06-Nov-2009, 06:27 PM #1

We had a hacker putting stuff in some folders
because they had 777 permissions.

I was able to find and remove all that stuff.
And I reset file and folder permissions.

I researched that files should be 644 and folders should be 755.

Which is what I did.

But now, I am getting error messages when my program attempts
to write to a file on the server. I have an empty folder called 'logs'

It's permissions are set to 755.

I have a program that attempts to create a file in there
by opening the file (in PHP) as "w" (writable)

But it gets kicked out with an error message:
Warning: fopen(logs/editors_list.txt) [function.fopen]: failed to open stream: Permission denied

Huh? Since the folder is set at read/write/execute for the owner, and read/execute for the group and other, why doesn't this work?

I am sorely confused.

Thanks

....Burton Smith

maneetpuri · 07-Nov-2009, 08:03 AM #2

Hi,

You would need to have 777 permissions on the folder in which you want the scripts to be write the text or upload files. So do this and ask your hosting people to block all unwanted ports on your server so that the hackers can not get in and make sure that there is a system to identify that only authentic people get the access to the script for uploading files. And in the uploading script put checks on which all extension files can be uploaded on the server through these scripts.

Hope this helps,

Cheers,

~Maneet

vidyaishaya · 07-Nov-2009, 02:38 PM #3

The whole reason the hacker got in, in the first place, was that the folder permissions were 777.

I find it hard to believe that our webhost hadn't blocked all unwanted ports on our server. They're pretty good about this.

It wasn't through any of my scripts that the stuff was put there. It was definitely just put there because the folder permissions were 777.

So it sounds like what you saying is that our webhost hadn't blocked all unwanted ports on our server. This seems to be the only conclusion.

Thanks

....Burton

maneetpuri · 09-Nov-2009, 06:42 AM #4

Could be, and are you sure that on your website there is no option for users to upload some files etc?

vidyaishaya · 09-Nov-2009, 01:16 PM #5

Thanks for your help. But we found the solution.

Turns out that the site in question was running PHP4, but when we changed it to run PHP5,
everything worked.

Yeah, I know that doesn't make sense, but obviously the webhost settings in PHP5 were different than in PHP4.

...Burton

Tag Cloud
access audio blue screen boot bsod connection crash dell desktop driver drivers dvd email error excel firefox hard drive hardware hdmi hijackthis internet keyboard laptop malware monitor motherboard network networking outlook problem ram recovery router screen slow sound spyware tdlwsp.dll trojan upgrade vba video virus vista vundo windows windows 7 windows vista windows xp wireless

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Search
Search for: