Page 1 of 1
Preventing Hackers? Any tips?
Posted: Tue Apr 03, 2007 5:33 pm
by carasmo
Hello,
I had a site I made with Joomla and this weekend it was hacked and some core files were removed. Luckily I was working on a CMSMS version of the same site (CMSMS IS THE BEST!!) and simply changed the config file and I was up and running. Now I'm concerned as this software gains popularity, what I can do to prevent jerks from messing it up.
Best,
Christina
Re: Preventing Hackers? Any tips?
Posted: Tue Apr 03, 2007 6:05 pm
by reidjazz
How did the hackers gain access?
Re: Preventing Hackers? Any tips?
Posted: Tue Apr 03, 2007 6:16 pm
by carasmo
With the joomla site, I have no idea. Some core pages that were in the includes folder were missing. That same weekend the server was hit with a ddos attack. It's been so long that I really don't remember much about Joomla, except that I read that they have fairly weak security or some of the modules do.
Re: Preventing Hackers? Any tips?
Posted: Thu Apr 05, 2007 1:04 am
by Dr.CSS
You may have noticed the security thread in joomla is the most popular, and there isn't one here...
Been using it for over a year and not one hack/security problem....
Re: Preventing Hackers? Any tips?
Posted: Thu Apr 05, 2007 5:50 am
by web-guy
So one quick question then...
I've removed the install folder after installation... but alot of my folders
are chomded to 777. Which do I want to set to 777 and which do I want to
set to 755 (is that it?).
I guess I really want to know, now that I have installed cmsms how do I
secure it further. I have removed the installation folder but what more can I do?
Thank you!!!!
By the way, I've been reading that this CMS is a lite CMS.
I couldn't disagree more. This little guy is a power house.
Like Pikachu... pika pika!!
Thx.
Re: Preventing Hackers? Any tips?
Posted: Thu Apr 05, 2007 6:18 am
by cyberman
carasmo wrote:
what I can do to prevent jerks from messing it up.
That's easy - take a look a the bible
"You should have no other gods beside me (=CMSMS)."
Not sure if this is the correct translation.
It's every time a risk to use external software at the same account like CMSms. Sometimes (like on Joomla) it's open a doors so CMSms is unsecure too ...
Re: Preventing Hackers? Any tips?
Posted: Thu Apr 05, 2007 6:28 am
by cyberman
web-guy wrote:
Which do I want to set to 777 and which do I want to set to 755 (is that it?).
Set config.php to 444. Think you have to try the correct settings for the other 777 chmoded folders step by step cause sometimes it depends on some server settings.
For instance /uploads folder has 664. This should be the securest solution for all folders inside /tmp.
Re: Preventing Hackers? Any tips?
Posted: Fri Apr 06, 2007 3:42 am
by carasmo
I set uploads to 664 from 755 and no images inside that folder show up on the site.
Re: Preventing Hackers? Any tips?
Posted: Fri Apr 06, 2007 4:09 am
by cyberman
As I said 664 is securest solution. But there are some server settings which impede that value so you have to try the right value for YOUR install step by step ...