Joomla! Discussion Forums

I remember when installing Joomla that I had to make a bunch of directories writable or 777 before I could go any further with the install. So I made all directories and config.php 777 and it worked. It has been working for quite some time now.

Now I see that I have become a victim of yet another IRC eggdrop shell bullcrap hack where all the files were located in the components folder. After contacting my web host they said they were able to upload those files to that directory based on the 777 permissions. WTF! If I did'nt have it at 777 most of Joomla breaks.

WTF do I do about this situation? How can I have the secure permission levels on directories without Joomla breaking. Here is the breakdown of the files we have been a victim of again.

After downloading a full backup of the domain teamtoc.net I have encountered a few files that have been flagged by norton anti virus as being a hacktool generator or a backdoor trojan. upon browsing the directory structure on the FTP of the domain I have come across a few files that seem rather suspicious. Could you please look into a possible security breach? Here are the locations of the files.

teamtoc.net/public_html/components/.psy/
teamtoc.net/public_html/components/.php/
teamtoc.net/public_html/components/.dat/
teamtoc.net/public_html/components/cbktech.tar.gz
teamtoc.net/public_html/components/ceria.tgz
teamtoc.net/public_html/components/psy.tar.gz


Thanks for writing in. I've checked and corrected the issue. This happened as there are full permissions to the users for few folder/files, due to which the user was able to upload those files. I would like to request you to review the permissions and make sure that they are proper.

Feel free to reply to this email if you need to add anything to this particular issue, or, create a new ticket for any new issue that you wish for us to address.

It looks to me like he made the components folder unwritable anymore. Is this correct? Does this mean I can't install components anymore?

The joomla folk can crrect me if I'm wrong but you need to set folder perm to 755 and files to 644, this should stop the hackers getting in.

If you need to install new modules or components have a look at the details at the top of the admin screen.

For Components
media/ Unwriteable
administrator/components/ Unwriteable
components/ Unwriteable
images/stories/ Unwriteable

Modules
media/ Unwriteable
administrator/modules/ Unwriteable
modules/ Unwriteable

Mambots
media/ Unwriteable
language/ Unwriteable
mambots/ Unwriteable
mambots/content/ Unwriteable
mambots/search/ Unwriteable
mambots/system/ Unwriteable

These folders have to be changed each time you install something or else you ar eleaving yourself open.

Why do they have it setup like that. Is'nt that kind of rediculous?

@stb74

Yes, those are the advisable permissions for directories (755) and files (644).  While this alone cannot stop crackers from compromising your site, it makes it more difficult.

@ 0wn4g3
For the most part, there was no choice.  The limiting factor is not Joomla itself but mostly problems with HTTP daemons and PHP.  Joomla! 1.5 will feature a major work around to this problem that will allow components/modules/templates etc to be installed via FTP instead of by HTTP upload. 

Furthermore, it sounds rediculous but on a practical level, how often are you actually installing new components/modules/templates/etc?  I doubt it is that frequently and most likely you do most of that work in groupings so you only have to adjust the permissions before you start for the day and set them back when you are done.  Not that big of a deal.

Note, files such as configuraton.php should not have file permissions that include 7's, files get set to 6 for read/write permissions.  Directories get 7 for read/write/execute