No longer able to upload or write in 1.5.22 and 1.5.25

Discussion regarding Joomla! 2.5 security issues.

Moderators: mandville, General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Locked
inekevm
Joomla! Apprentice
Joomla! Apprentice
Posts: 7
Joined: Sun Oct 28, 2012 12:26 pm

No longer able to upload or write in 1.5.22 and 1.5.25

Post by inekevm » Wed Nov 21, 2012 3:41 pm

Ik ben door de wijziging tbv leesbaarder url's van mijn pagina's mijn originele site kwijtgeraakt. Heb hem met hulp hersteld onder http://www.mulliq.nl (1.5.22) en een kopie in de root testmulliq (1.5.25). Die kopie was bedoeld om een geheel nieuwe schone versie te maken maar die werkt nog minder dan de mulliq.
Ik kan echter bij beiden niet uploaden of schrijven ondanks dat ik via ftp alle rechten op 777 zet. Volgens mijn host is dat een scripting kwestie van Joomla. Dat zou ook wel kunnen maar waarom ontstaat dat dan ineens? Bijgevoegd een screenafdruk van hoe Joomla reageert als ik iets wil uploaden of installeren.
Ik hoop dat iemand mij kan helpen anders zal ik toch echt naar een andere techniek moeten uitwijken.
You do not have the required permissions to view the files attached to this post.
Last edited by mandville on Wed Nov 21, 2012 11:48 pm, edited 1 time in total.
Reason: retitled to comply with forum rules

User avatar
PhilD
Joomla! Hero
Joomla! Hero
Posts: 2737
Joined: Sat Oct 21, 2006 10:20 pm
Location: Wisconsin USA
Contact:

Re: Niet meer kunnen uploaden of schrijven in 1.5.22 en 1.5.

Post by PhilD » Wed Nov 21, 2012 5:25 pm

English Please.

All posts must be in English, unless posted in a specific international forum. If posting in a international forum, please use the language of that forum, and not English.
http://forum.joomla.org/viewtopic.php?f=8&t=65
PhilD

inekevm
Joomla! Apprentice
Joomla! Apprentice
Posts: 7
Joined: Sun Oct 28, 2012 12:26 pm

Re: unable to upload or write in 1.5.22 and 1.5.25

Post by inekevm » Wed Nov 21, 2012 11:21 pm

I am not a native speaker so you will have to deal with dutch-english: Because of a change that should make my page-urls easier to find for google, my whole site was within an hour completely gone.

With help of a friend I recovered the site Joomla in the original version 1.5.22 (with all the problems like no extension was working) and created a testsite in the same root Joomla 1.5.25 (www.mulliq.nl)
This testsite was meant to have a platform to create a fresh site without the problems mentioned and eventually uploaded as my prime site. Fact is that this testsite malfunctiones even more. I get the stranges effects like wrong colors, no possibility to influence the order of documents in the frontpage!

On both sites I cannot upload foto's, extensions of write in the rootfiles -also when the rights are set 777- with ftp. According to my host it is a scripting-issue in Joomla and has nothing to do with a non-matching ftp version. That could be possible but why does the problem came so suddenly?
The screencapture shows the message that Joomla give with any upload.

I hope there is somebody who can help me otherwise I will search for a CMS which is beter supported.
Because I cannot or could not find any help/information about making the page-urls more readable or what I would want: how to upgrade my site to a new Joomla version without problems enough for one year?
I am pretty handy but my site is important for my work and I earn my money not with days en days Joomla but with a findable site.

User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 15150
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Niet meer kunnen uploaden of schrijven in 1.5.22 en 1.5.

Post by mandville » Wed Nov 21, 2012 11:42 pm

[ ] Download and RUN the Forum Post Assistant / FPA Instructions available here and are also included in the download package. Post the generated results in your security/been hacked topic. Use these links to download the FPA:
Download .tar.gz version or Download the .zip version NOTE: Do not download the FPA from any other website or links found on the Internet.

[ ] Ensure you have the latest version of Joomla for your version of Joomla. Delete all files in your Joomla installation, saving a copy of the configuration.php file.

assuming you no longer have 777 folder permissions, please run the fpa so we can see what the issue may be
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

inekevm
Joomla! Apprentice
Joomla! Apprentice
Posts: 7
Joined: Sun Oct 28, 2012 12:26 pm

Re: No longer able to upload or write in 1.5.22 and 1.5.25

Post by inekevm » Sun Nov 25, 2012 4:39 pm

I can upload the zipped file and unzip it in my filezilla client in de www but I donot see any xxx which I can replace by my joomla version. So I cannot do anything. I cannot open it whatever name I use.
Look in www.mulliq.nl where you find the FPA file. I like to use it for my testmulliq because my mulliq site has to be in the air and looks reasonable at this moment. But if this doasnot functione I am not very hopefully about my testmulliq site. The testmulliq ins in 5.1.22 en the mulliq site in 1.5.25. Is the FPA file lately updated?

User avatar
PhilD
Joomla! Hero
Joomla! Hero
Posts: 2737
Joined: Sat Oct 21, 2006 10:20 pm
Location: Wisconsin USA
Contact:

Re: No longer able to upload or write in 1.5.22 and 1.5.25

Post by PhilD » Mon Nov 26, 2012 6:32 am

The FPA script will work on every version of Joomla.
The FPA is up to date and simply enables us to see in a standard way your server and site setup so we may try to help solve your issues.

* Download the FPA script from this link https://github.com/ForumPostAssistant/FPA/zipball/en-GB to your local computer.

* Unzip the zip package you downloaded locally to your computer.

* Use your FTP program to Upload the file named fpa-en.php to the www area of your webserver. This is the same place where your Joomla files are located.

* Run the script from your web browser like this:
http://www.mulliq.nl/fpa-en.php

* Once the script has run click on "Show the Forum Post Assistant"

* Then Click on the green "Click Here To Generate Post" button to build the post content.

* Once the post content is generated, Place your mouse cursor inside of the "Forum Post Assistant Post Detail" area.

* Select all the text in the detail area by using the key combination Ctrl A (in windows computers) to select all the text in the detail area.

* Copy the highlighted text in the detail area using a Ctrl C key combination.

* Start a new post in this forum thread using the quick reply or the full editor.

* Paste the text you copied from the FPA into the forum post by using the Ctrl V key combination.

* Click the submit button to submit the forum post.

* Once you have finished running the FPA script and copying the results into the forum post. Click on the "After use, Click Here to delete this script." link in the FPA script page to remove the script from your site.
PhilD

inekevm
Joomla! Apprentice
Joomla! Apprentice
Posts: 7
Joined: Sun Oct 28, 2012 12:26 pm

Re: No longer able to upload or write in 1.5.22 and 1.5.25

Post by inekevm » Tue Nov 27, 2012 1:03 pm

Forum Post Assistant (v1.2.3) : 27th November 2012 wrote:
Basic Environment :: wrote:Joomla! Instance :: Joomla! 1.5.25-Stable (senu takaa ama mamni) 14-November-2011
Joomla! Configured :: Yes | Writable (644) | Owner: vhost0003595 (uid: 1/gid: 1) | Group: vhostuser (gid: 1) | Valid For: 1.5
Configuration Options :: Offline: 0 | SEF: 0 | SEF Suffix: 0 | SEF ReWrite: 1 | .htaccess/web.config: No (ReWrite Enabled but no .htaccess?) | GZip: 0 | Cache: 0 | FTP Layer: 1 | SSL: 0 | Error Reporting: -1 | Site Debug: 0 | Language Debug: 0 | Database Credentials Present: Yes

Host Configuration :: OS: Linux | OS Version: 2.6.32-44-server | Technology: x86_64 | Web Server: Apache | Encoding: gzip,deflate,sdch | Doc Root: /htdocs | System TMP Writable: Yes

PHP Configuration :: Version: 5.3.2-1ubuntu4.18 | PHP API: apache2handler | Session Path Writable: Unknown | Display Errors: 0 | Error Reporting: 22527 | Log Errors To: | Last Known Error: | Register Globals: | Magic Quotes: 0 | Safe Mode: | Open Base: | Uploads: 1 | Max. Upload Size: 2M | Max. POST Size: 8M | Max. Input Time: 60 | Max. Execution Time: 30 | Memory Limit: 64M

MySQL Configuration :: Version: 5.1.63-0ubuntu0.10.04.1 (Client:5.1.66) | Host: --protected-- (--protected--) | Collation: utf8_general_ci (Character Set: utf8) | Database Size: 533.36 KiB | #of Tables:  53
Detailed Environment :: wrote:PHP Extensions :: Core (5.3.2-1ubuntu4.18) | date (5.3.2-1ubuntu4.18) | ereg () | libxml () | openssl () | pcre () | zlib (1.1) | bcmath () | bz2 () | calendar () | ctype () | dba () | dom (20031129) | hash (1.0) | fileinfo (1.0.5-dev) | filter (0.11.0) | ftp () | gettext () | session () | iconv () | json (1.2.1) | mbstring () | SPL (0.2) | standard (5.3.2-1ubuntu4.18) | posix () | Reflection ($Revision: 293036 $) | Phar (2.0.1) | shmop () | SimpleXML (0.1) | soap () | sockets () | exif (1.4 $Id: exif.c 293036 2010-01-03 09:23:27Z sebastian $) | sysvmsg () | sysvsem () | sysvshm () | tokenizer (0.1) | wddx () | xml () | xmlreader (0.1) | xmlwriter (0.1) | zip (1.9.1) | apache2handler () | curl () | gd () | imagick (2.1.1-rc1) | imap () | mcrypt () | mysql (1.0) | mysqli (0.1) | PDO (1.0.4dev) | pdo_mysql (1.0.2) | pdo_sqlite (1.0.1) | SQLite (2.0-dev) | sqlite3 (0.7-dev) | tidy (2.0) | xsl (0.1) | mhash () | Zend Guard Loader () | Zend Engine (2.3.0) |
Potential Missing Extensions :: suhosin |

Switch User Environment (Experimental) :: PHP CGI: No | Server SU: No | PHP SU: No | Custom SU (LiteSpeed/Cloud/Grid): Yes
Potential Ownership Issues: No

Apache Modules :: core | mod_log_config | mod_logio | prefork | http_core | mod_so | mod_actions | mod_alias | mod_auth_basic | mod_authn_file | mod_authz_default | mod_authz_groupfile | mod_authz_host | mod_authz_user | mod_autoindex | mod_cgi | mod_dav | mod_dav_fs | mod_dav_svn | mod_authz_svn | mod_deflate | mod_dir | mod_env | mod_expires | mod_headers | mod_include | mod_mime | mod_negotiation | mod_php5 | mod_python | mod_reqtimeout | mod_rewrite | mod_rpaf | mod_ruid2 | mod_setenvif | mod_vhost_alias | mod_status | Apache |
Potential Missing Modules :: mod_security | mod_evasive | mod_dosevasive | mod_ssl | mod_qos | mod_userdir |
Folder Permissions :: wrote:Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (777) | tmp/ (777) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) |

Elevated Permissions (First 10) :: logs/ (777) | testmulliq/images/ (777) | testmulliq/media/ (777) | tmp/ (777) | xmlrpc/cache/ (777) | xmlrpc/includes/ (777) |
Extensions Discovered :: wrote:Components :: SITE :: MailTo (1.5.0) | Wrapper (1.5.0) | User (1.5.0) |
Components :: ADMIN :: Polls (1.5.0) | Frontpage (1.5.0) | Contact Items (1.0.0) | Mass Mail (1.5.0) | Language Manager (1.5.0) | Cache Manager (1.5.0) | User Manager (1.5.0) | Module Manager (1.5.0) | Content Page (1.5.0) | Installation Manager (1.5.0) | Trash (1.0.0) | Search (1.5.0) | Control Panel (1.5.0) | Menus Manager (1.5.0) | Weblinks (1.5.0) | Template Manager (1.5.0) | Newsfeeds (1.5.0) | Media Manager (1.5.0) | Messaging (1.5.0) | Plugin Manager (1.5.0) | Banners (1.5.0) | Configuration Manager (1.5.0) |

Modules :: SITE :: Archived Content (1.5.0) | Poll (1.5.0) | Who\'s Online (1.0.0) | Related Items (1.0.0) | Login (1.5.0) | Random Image (1.5.0) | Footer (1.5.0) | Statistics (1.5.0) | Most Read Content (1.5.0) | Wrapper (1.0.0) | Sections (1.5.0) | Latest News (1.5.0) | Breadcrumbs (1.5.0) | Newsflash (1.5.0) | Banner (1.5.0) | Feed Display (1.5.0) | Syndicate (1.5.0) | Search (1.0.0) | Custom HTML (1.5.0) | Menu (1.5.0) |
Modules :: ADMIN :: Popular Items (1.0.0) | Logged in Users (1.0.0) | Feed Display (1.5.0) | Quick Icons (1.0.0) | Admin Submenu (1.0.0) | Toolbar (1.0.0) | Latest News (1.0.0) | User Status (1.5.0) | Footer (1.0.0) | Custom HTML (1.5.0) | Online Users (1.0.0) | Items Stats (1.0.0) | Unread Items (1.0.0) | Title (1.0.0) | Login Form (1.0.0) | Admin Menu (1.0.0) |

Plugins :: SITE :: Content - Load Modules (1.5) | Content - Pagebreak (1.5) | Content - Vote (1.5) | Content - Page Navigation (1.5) | Content - Example (1.0) | Content - Email Cloaking (1.5) | Content - Code Highlighter (Ge (1.5) | Authentication - Example (1.5) | Authentication - LDAP (1.5) | Authentication - GMail (1.5) | Authentication - Joomla (1.5) | Authentication - OpenID (1.5) | User - Example (1.0) | User - Joomla! (1.5) | System - Mootools Upgrade (1.5) | System - Debug (1.5) | System - Legacy (1.5) | System - Backlinks (1.5) | System - SEF (1.5) | System - Remember Me (1.5) | System - Cache (1.5) | System - Log (1.5) | Editor - TinyMCE 3 (3.2.6) | Editor - XStandard Lite for Jo (1.0) | Button - Pagebreak (1.5) | Button - Readmore (1.5) | Button - Image (1.0.0) | Search - Content (1.5) | Search - Sections (1.5) | Search - Categories (1.5) | Search - Newsfeeds (1.5) | Search - Contacts (1.5) | Search - Weblinks (1.5) | XML-RPC - Joomla API (1.0) | XML-RPC - Blogger API (1.0) |
Templates Discovered :: wrote:Templates :: SITE :: rhuk_milkyway (1.0.2) | MULLIQ (1.0.0) | beez (1.0.0) | JA_Purity (1.2.0) |
Templates :: ADMIN :: Khepri (1.0) |

inekevm
Joomla! Apprentice
Joomla! Apprentice
Posts: 7
Joined: Sun Oct 28, 2012 12:26 pm

Re: No longer able to upload or write in 1.5.22 and 1.5.25

Post by inekevm » Tue Nov 27, 2012 1:13 pm

I couldnot find the button "after use tetc." so I like to delete the fpa-en file.
But I donot know if you need it further. Please let me know soon otherwise it will be these untill the late evening (in holland).
I Hope you can find out what is wrong. I only saw that there is something with apache and that the tmp and the logfile on whicht I cannot write have a red 777 code.

User avatar
PhilD
Joomla! Hero
Joomla! Hero
Posts: 2737
Joined: Sat Oct 21, 2006 10:20 pm
Location: Wisconsin USA
Contact:

Re: No longer able to upload or write in 1.5.22 and 1.5.25

Post by PhilD » Tue Nov 27, 2012 6:06 pm

You can delete the script. The Delete link is in the top of the FPA page in the first box. If the delete fails, use your ftp program to delete it.
inekevm wrote:Because of a change that should make my page-urls easier to find for google, my whole site was within an hour completely gone.


To answer your main question:

.htaccess/web.config: No (ReWrite Enabled but no .htaccess?) -->> this will cause all kinds of issues with the site. Enable the htaccess file that comes with Joomla by renaming htaccess.txt to .htaccess or Turn off rewrite in the configuration setup of Joomla.




Other things I find wrong:

Joomla! 1.5.25 -->> current version is 1.5.26 update to the new version.

PHP API: apache2handler -->> use of apache2handler usually causes ownership and permissions issues with a site. It is better to use a server that uses cgi-fcgi

Potential Missing Modules :: mod_security | mod_evasive | mod_dosevasive | mod_ssl | mod_qos | mod_userdir | ---->> if these are missing it may cause issues with site operation and indicates the server is improperly configured.

use of ubuntu as a server. --->>potentially bad as it indicates inexperience or poor server practices in many cases.

Core Folders set to 777 permissions. ----->>> this is bad and will cause site to be hacked. set all directories to 755.

Elevated Permissions (First 10) ----->>> this is bad and will cause site to be hacked. Set all files to 644
PhilD

inekevm
Joomla! Apprentice
Joomla! Apprentice
Posts: 7
Joined: Sun Oct 28, 2012 12:26 pm

Re: No longer able to upload or write in 1.5.22 and 1.5.25

Post by inekevm » Tue Nov 27, 2012 10:11 pm

.htaccess/web.config: No (ReWrite Enabled but no .htaccess?) -->> this will cause all kinds of issues with the site. Enable the htaccess file that comes with Joomla by renaming htaccess.txt to .htaccess or Turn off rewrite in the configuration setup of Joomla.

Core Folders set to 777 permissions. ----->>> this is bad and will cause site to be hacked. set all directories to 755.

Elevated Permissions (First 10) ----->>> this is bad and will cause site to be hacked. Set all files to 644

I have changed them according to what you said.

The other points:
PHP API: apache2handler -->> use of apache2handler usually causes ownership and permissions issues with a site. It is better to use a server that uses cgi-fcgi

I have installed Joomla the way it is asked; why should it use apache2 handler if there wasnot asked for?
How will I know that the host I use has this programm you cgi-fcgi mentioned ??? And how can I change my site accordingly?

Potential Missing Modules :: mod_security | mod_evasive | mod_dosevasive | mod_ssl | mod_qos | mod_userdir | ---->> if these are missing it may cause issues with site operation and indicates the server is improperly configured.
Do you mean that the Joomla is not installed properly? How can I adjust this without newly installing the site?

use of ubuntu as a server. --->>potentially bad as it indicates inexperience or poor server practices in many cases.
How has that happened if I didnot ask for it?????

I want my site in the new version but as this trouble is enough I like to have solved it in advance and then turn over to a new version. All at good time. My site is my card so it had to be in the air.
Thank you for your help up till now and please help me out up to the new version?!


Locked

Return to “Security in Joomla! 2.5”