Re: [pmwiki-users] Security breach?

2009-01-04 Thread Sandy
PKHG wrote: Hello, Using an FTP-client for changing protection codes, I do not have the possibility to set the guid bit (I mean chmod 2777) ?! And (my) ftp direct does not have a chmod at all? So that ‘trick’ is not possible for everybody? Greetings Peter FireFTP

Re: [pmwiki-users] Security breach?

2008-12-23 Thread PKHG
...@pmichaud.com [mailto:pmwiki-users-boun...@pmichaud.com] On behalf of James M Sent: Tuesday, 23 December 2008 1:39 CC: pmwiki-users@pmichaud.com Subject: Re: [pmwiki-users] Security breach? On Mon, Dec 22, 2008 at 11:53 PM, DaveG pmw...@solidgone.com wrote: Setting things to 755 is safer than 777

[pmwiki-users] Security breach?

2008-12-23 Thread ki...@kirpi.it
Using an FTP-client for changing protection codes, I do not have the possibility to set the guid bit (I mean chmod 2777) ?! Maybe your PHP is set with safe_mode on? And (my) ftp direct does not have a chmod at all? This sounds quite odd (or I understand it wrong). You mean that you cannot

Re: [pmwiki-users] Security breach?

2008-12-23 Thread James M
...@pmichaud.com] *On behalf of *James M *Sent:* Tuesday, 23 December 2008 1:39 *CC:* pmwiki-users@pmichaud.com *Subject:* Re: [pmwiki-users] Security breach? On Mon, Dec 22, 2008 at 11:53 PM, DaveG pmw...@solidgone.com wrote: Setting things to 755 is safer than 777. The question is, will that work

Re: [pmwiki-users] Security breach?

2008-12-23 Thread DaveG
? So that ‘trick’ is not possible for everybody? Greetings Peter *From:* pmwiki-users-boun...@pmichaud.com [mailto:pmwiki-users-boun...@pmichaud.com] *On behalf of *James M *Sent:* Tuesday, 23 December 2008 1:39 *CC:* pmwiki-users@pmichaud.com *Subject:* Re: [pmwiki-users

Re: [pmwiki-users] Security breach?

2008-12-23 Thread Radu Luchian
-users@pmichaud.com *Subject:* Re: [pmwiki-users] Security breach? On Mon, Dec 22, 2008 at 11:53 PM, DaveG pmw...@solidgone.com wrote: Setting things to 755 is safer than 777. The question is, will that work on your site, with your host, with your version of PHP, with the setup

Re: [pmwiki-users] Security breach?

2008-12-22 Thread Rogutės
James M (2008-12-21 22:45): I've just found that there are also similar mystery php files in the pub/skins/W directory - and this does not have 777 permissions. And the extra link had been written to W.tmpl in that skins directory. How could that happen? It certainly wasn't me, and I'm the

Re: [pmwiki-users] Security breach?

2008-12-22 Thread James M
Thanks for your comments Rogutes I've just had a long conversation with tech support at my host (who are excellent). What happens is that the hackers use the uploads directory (with 777 permissions) to upload php files, and then it seems these php files can be used to access other parts of the

Re: [pmwiki-users] Security breach?

2008-12-22 Thread DaveG
What happens is that the hackers use the uploads directory (with 777 permissions) to upload php files, and then it seems these php files can be used to access other parts of the filesystem (if I understood ...snip... If a directory has 777 permissions, is there anything to stop someone

Re: [pmwiki-users] Security breach?

2008-12-22 Thread adam overton
twiddling, changing permissions... thx adam Message: 6 Date: Mon, 22 Dec 2008 10:25:35 -0500 From: DaveG pmw...@solidgone.com Subject: Re: [pmwiki-users] Security breach? To: jamesm1...@googlemail.com, pmwiki-users@pmichaud.com Message-ID: 4a708741ac82d970e15efebd74de3...@solidgone.com Content

Re: [pmwiki-users] Security breach?

2008-12-22 Thread Rogutės
adam overton (2008-12-22 13:00): hi, is this true? Either way, don't set anything to 777. b/c the installation instructions for pmwiki (http://pmwiki.org/wiki/PmWiki/Installation) say setting uploads and wiki.d to 777. should they be 775 instead? just wondering if there's any

Re: [pmwiki-users] Security breach?

2008-12-22 Thread Radu Luchian
, changing permissions... thx adam Message: 6 Date: Mon, 22 Dec 2008 10:25:35 -0500 From: DaveG pmw...@solidgone.com Subject: Re: [pmwiki-users] Security breach? To: jamesm1...@googlemail.com, pmwiki-users@pmichaud.com Message-ID: 4a708741ac82d970e15efebd74de3...@solidgone.com

Re: [pmwiki-users] Security breach?

2008-12-22 Thread adam overton
without seeing something in print on the site that says everything is going to be just fine if ___, know what i mean? thx again! adam Message: 3 Date: Tue, 23 Dec 2008 00:13:30 +0200 From: Rogutės rogu...@googlemail.com Subject: Re: [pmwiki-users] Security breach? To: pmwiki-users@pmichaud.com

Re: [pmwiki-users] Security breach?

2008-12-22 Thread DaveG
? thx again! adam Message: 3 Date: Tue, 23 Dec 2008 00:13:30 +0200 From: Rogutės rogu...@googlemail.com mailto:rogu...@googlemail.com Subject: Re: [pmwiki-users] Security breach? To: pmwiki-users@pmichaud.com mailto:pmwiki-users@pmichaud.com Message-ID: 2008121330.ga7...@ugu.dokeda.lt

Re: [pmwiki-users] Security breach?

2008-12-22 Thread James M
On Mon, Dec 22, 2008 at 11:53 PM, DaveG pmw...@solidgone.com wrote: Setting things to 755 is safer than 777. The question is, will that work on your site, with your host, with your version of PHP, with the setup of the webserver you have? I don't know. Easiest way to find out is after

Re: [pmwiki-users] Security breach?

2008-12-22 Thread Rogutės
James M (2008-12-23 00:38): On Mon, Dec 22, 2008 at 11:53 PM, DaveG pmw...@solidgone.com wrote: Setting things to 755 is safer than 777. The question is, will that work on your site, with your host, with your version of PHP, with the setup of the webserver you have? I don't know. Easiest

[pmwiki-users] Security breach?

2008-12-21 Thread James M
Hi I have found some mysterious files on my small (8 pages) pmwiki site which appear to compromise the security. The site uses AuthUser, with only 2 authorised users. I only found this by chance as one of the pages has a link which was not inserted by either of us (and points apparently to some

Re: [pmwiki-users] Security breach?

2008-12-21 Thread James M
I've just found that there are also similar mystery php files in the pub/skins/W directory - and this does not have 777 permissions. And the extra link had been written to W.tmpl in that skins directory. How could that happen? It certainly wasn't me, and I'm the only one who knows the admin