PKHG wrote:
Hallo,
Using an FTP-client for changing protection codes, I do not have the
possibility to set the guid bit (I mean chmod 2777) ?!
And (my) ftp direct does not have a chmod at all?
So that ‘trick’ is not possible for everybody?
Greetings
Peter
FireFTP
...@pmichaud.com
[mailto:pmwiki-users-boun...@pmichaud.com] Namens James M
Verzonden: dinsdag 23 december 2008 1:39
CC: pmwiki-users@pmichaud.com
Onderwerp: Re: [pmwiki-users] Security breach?
On Mon, Dec 22, 2008 at 11:53 PM, DaveG pmw...@solidgone.com wrote:
Setting things to 755 is safer than 777
Using an FTP-client for changing protection codes,
I do not have the possibility to set the guid bit
(I mean chmod 2777) ?!
Maybe your PHP is set with safe_mode on?
And (my) ftp direct does not have a chmod at all?
This sounds quite odd (or I understand it wrong).
You mean that you cannot
...@pmichaud.com] *Namens *James M
*Verzonden:* dinsdag 23 december 2008 1:39
*CC:* pmwiki-users@pmichaud.com
*Onderwerp:* Re: [pmwiki-users] Security breach?
On Mon, Dec 22, 2008 at 11:53 PM, DaveG pmw...@solidgone.com wrote:
Setting things to 755 is safer than 777. The question is, will that work
?
So that ‘trick’ is not possible for everybody?
Greetings
Peter
*Van:* pmwiki-users-boun...@pmichaud.com
[mailto:pmwiki-users-boun...@pmichaud.com] *Namens *James M
*Verzonden:* dinsdag 23 december 2008 1:39
*CC:* pmwiki-users@pmichaud.com
*Onderwerp:* Re: [pmwiki-users
-users@pmichaud.com
*Onderwerp:* Re: [pmwiki-users] Security breach?
On Mon, Dec 22, 2008 at 11:53 PM, DaveG pmw...@solidgone.com wrote:
Setting things to 755 is safer than 777. The question is, will that work
on your site, with your host, with your version of PHP, with the setup
James M (2008-12-21 22:45):
I've just found that there are also similar mystery php files in the
pub/skins/W directory - and this does not have 777 permissions.
And the extra link had been written to W.tmpl in that skins directory.
How could that happen? It certainly wasn't me, and I'm the
Thanks for your comments Rogutes
I've just had a long conversation with tech support at my host (who are
excellent). What happens is that the hackers use the uploads directory
(with 777 permissions) to upload php files, and then it seems these php
files can be used to access other parts of the
What happens is that the hackers use the uploads directory
(with 777 permissions) to upload php files, and then it seems these php
files can be used to access other parts of the filesystem (if I
understood
...snip...
If a directory has 777 permissions, is there anything to stop someone
twiddling, changing permissions...
thx
adam
Message: 6
Date: Mon, 22 Dec 2008 10:25:35 -0500
From: DaveG pmw...@solidgone.com
Subject: Re: [pmwiki-users] Security breach?
To: jamesm1...@googlemail.com, pmwiki-users@pmichaud.com
Message-ID: 4a708741ac82d970e15efebd74de3...@solidgone.com
Content
adam overton (2008-12-22 13:00):
hi, is this true?
Either way, don't set
anything to 777.
b/c the installation instructions for pmwiki (http://pmwiki.org/wiki/
PmWiki/Installation) say setting uploads and wiki.d to 777. should
they be 775 instead? just wondering if there's any
, changing permissions...
thx
adam
Message: 6
Date: Mon, 22 Dec 2008 10:25:35 -0500
From: DaveG pmw...@solidgone.com
Subject: Re: [pmwiki-users] Security breach?
To: jamesm1...@googlemail.com, pmwiki-users@pmichaud.com
Message-ID: 4a708741ac82d970e15efebd74de3...@solidgone.com
without seeing something in print on the site that says everything
is going to just fine if ___, know what i mean?
thx again!
adam
Message: 3
Date: Tue, 23 Dec 2008 00:13:30 +0200
From: Rogut?s rogu...@googlemail.com
Subject: Re: [pmwiki-users] Security breach?
To: pmwiki-users@pmichaud.com
?
thx again!
adam
Message: 3
Date: Tue, 23 Dec 2008 00:13:30 +0200
From: Rogut?s rogu...@googlemail.com mailto:rogu...@googlemail.com
Subject: Re: [pmwiki-users] Security breach?
To: pmwiki-users@pmichaud.com mailto:pmwiki-users@pmichaud.com
Message-ID: 2008121330.ga7...@ugu.dokeda.lt
On Mon, Dec 22, 2008 at 11:53 PM, DaveG pmw...@solidgone.com wrote:
Setting things to 755 is safer than 777. The question is, will that work
on your site, with your host, with your version of PHP, with the setup
of the webserver you have? I don't know. Easiest way to find out is
after
James M (2008-12-23 00:38):
On Mon, Dec 22, 2008 at 11:53 PM, DaveG pmw...@solidgone.com wrote:
Setting things to 755 is safer than 777. The question is, will that work
on your site, with your host, with your version of PHP, with the setup
of the webserver you have? I don't know. Easiest
Hi
I have found some mysterious files on my small (8 pages) pmwiki site which
appear to compromise the security. The site uses AuthUser, with only 2
authorised users.
I only found this by chance as one of the pages has a link which was not
inserted by either of us (and points apparently to some
I've just found that there are also similar mystery php files in the
pub/skins/W directory - and this does not have 777 permissions.
And the extra link had been written to W.tmpl in that skins directory.
How could that happen? It certainly wasn't me, and I'm the only one who
knows the admin
18 matches
Mail list logo