How does the upload of files from the fileadmin work without world-writable subdirectories?
Fantastico installs of typo3 appear to leave everything wide open. Thank you, Tracey On Tue, 5 Jun 2007, Ries van Twisk wrote: > hey Tracey, > > you need to check how and what happens really closly. > Then you can possibly track back how you are getting hacked. > > In any case, one advice is to NEVER set a file > to world writable. Ask your webhoster what the proper > permissions are for your user and group that runs > your server under. He should know, if he doesn't know > then find a a hoster that does know. But never make a > directory or file world writable. > > Ries > > > On Jun 5, 2007, at 7:18 PM, Tracey Hummel wrote: > >> >> I have a couple of typo3 sites on hostrockets.com that get hacked >> almost >> weekly. I've implemented as many of the security suggestions as >> possible >> in Security Cookbook at: http://typo3.org/teams/security/ >> >> I tried setting all subdirectories to non-world writable even >> though this >> disables image and file uploads. >> >> Is there a list somewhere showing the necessary permissions for each >> subdirectory and that shows which files need to be world writable? >> >> Thank you, >> Tracey >> >> >> _______________________________________________ >> TYPO3-english mailing list >> [email protected] >> http://lists.netfielders.de/cgi-bin/mailman/listinfo/typo3-english > > -- > Ries van Twisk > Freelance Typo3 Developer > email: [EMAIL PROTECTED] > web: http://www.rvantwisk.nl/ > skype: callto://r.vantwisk > > > > > _______________________________________________ > TYPO3-english mailing list > [email protected] > http://lists.netfielders.de/cgi-bin/mailman/listinfo/typo3-english > _______________________________________________ TYPO3-english mailing list [email protected] http://lists.netfielders.de/cgi-bin/mailman/listinfo/typo3-english
