Preventing Hackers? Any tips?

For questions and problems with the CMS core. This board is NOT for any 3rd party modules, addons, PHP scripts or anything NOT distributed with the CMS made simple package itself.
Post Reply
carasmo
Power Poster
Power Poster
Posts: 506
Joined: Thu Feb 08, 2007 6:11 pm

Preventing Hackers? Any tips?

Post by carasmo »

Hello,

I had a site I made with Joomla and this weekend it was hacked and some core files were removed. Luckily I was working on a CMSMS version of the same site (CMSMS IS THE BEST!!) and simply changed the config file and I was up and running. Now I'm concerned as this software gains popularity, what I can do to prevent jerks from messing it up.



Best,
Christina
Last edited by carasmo on Tue Apr 03, 2007 5:56 pm, edited 1 time in total.
Top
reidjazz

Re: Preventing Hackers? Any tips?

Post by reidjazz »

How did the hackers gain access?
Top
carasmo
Power Poster
Power Poster
Posts: 506
Joined: Thu Feb 08, 2007 6:11 pm

Re: Preventing Hackers? Any tips?

Post by carasmo »

With the joomla site, I have no idea. Some core pages that were in the includes folder were missing. That same weekend the server was hit with a ddos attack. It's been so long that I really don't remember much about Joomla, except that I read that they have fairly weak security or some of the modules do.
Top
User avatar
Dr.CSS
Moderator
Moderator
Posts: 12711
Joined: Thu Mar 09, 2006 5:32 am

Re: Preventing Hackers? Any tips?

Post by Dr.CSS »

You may have noticed the security thread in joomla is the most popular, and there isn't one here...

Been using it for over a year and not one hack/security problem....
Top
web-guy
New Member
New Member
Posts: 8
Joined: Mon Apr 02, 2007 8:08 am

Re: Preventing Hackers? Any tips?

Post by web-guy »

So one quick question then...

I've removed the install folder after installation... but alot of my folders
are chomded to 777.  Which do I want to set to 777 and which do I want to
set to 755 (is that it?).

I guess I really want to know, now that I have installed cmsms how do I
secure it further.  I have removed the installation folder but what more can I do?

Thank you!!!!

By the way, I've been reading that this CMS is a lite CMS.
I couldn't disagree more.  This little guy is a power house.
Like Pikachu... pika pika!! ::)

Thx.
Top
cyberman

Re: Preventing Hackers? Any tips?

Post by cyberman »

carasmo wrote: what I can do to prevent jerks from messing it up.
That's easy - take a look a the bible

"You should have no other gods beside me (=CMSMS)."

Not sure if this is the correct translation.

It's every time a risk to use external software at the same account like CMSms. Sometimes (like on Joomla) it's open a doors so CMSms is unsecure too ...
Last edited by cyberman on Thu Apr 05, 2007 6:34 am, edited 1 time in total.
Top
cyberman

Re: Preventing Hackers? Any tips?

Post by cyberman »

web-guy wrote: Which do I want to set to 777 and which do I want to set to 755 (is that it?).
Set config.php to 444. Think you have to try the correct settings for the other 777 chmoded folders step by step cause sometimes it depends on some server settings.

For instance /uploads folder has 664. This should be the securest solution for all folders inside /tmp.
Top
carasmo
Power Poster
Power Poster
Posts: 506
Joined: Thu Feb 08, 2007 6:11 pm

Re: Preventing Hackers? Any tips?

Post by carasmo »

I set uploads to 664 from 755 and no images inside that folder show up on the site.
Top
cyberman

Re: Preventing Hackers? Any tips?

Post by cyberman »

As I said 664 is securest solution. But there are some server settings which impede that value so you have to try the right value for YOUR install step by step ...
Top
Post Reply

Return to “CMSMS Core”