The Joomla! Forum ™

Download

Demo


Board index » Joomla! 2.5 - Ask Support Questions Here » Security in Joomla! 2.5

Forum rules


Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.



Post new topic Reply to topic  Page 1 of 1
  [ 8 posts ] 
  Print view Previous topic | Next topic 
Author Message
jennied53
PostPosted: Wed Feb 22, 2012 6:15 pm 
Joomla! Apprentice
Joomla! Apprentice

Joined: Sat Aug 21, 2010 1:45 pm
Posts: 34
Hi

The permissions set on all my previous installations for the configuration.php file have always been 444. I am working on 2 new sites at the moment, both are on Joomla 2.5 installation and both are hosted with the same hosting company.

On one which has just gone live, I had to move the site and, since I had to edit the config file, I noticed that the permissions were set to 600. After amending the file I set them twice to 444 and it appeared to do it, bu when I next looked it had reset to 600 by itself. The other site they are 444.

I am puzzled as to why this should be happening and worried in case it is symptomatic of a security breach. Would be grateful for your thoughts.

Thanks
Top
 Profile  
 
mandville
PostPosted: Wed Feb 22, 2012 6:24 pm 
User avatar
Joomla! Master
Joomla! Master

Joined: Mon Mar 20, 2006 1:56 am
Posts: 11628
Location: The Girly Side of Joomla in Sussex
have you asked the host what their mask setting is?
being with the same host doesnt mean the same server or settings

_________________
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be added to the foe list and possibly just deleted
{Community.Connect Administrator }{ Showcase & Security Moderator}
Top
 Profile  
 
jennied53
PostPosted: Wed Feb 22, 2012 6:39 pm 
Joomla! Apprentice
Joomla! Apprentice

Joined: Sat Aug 21, 2010 1:45 pm
Posts: 34
I wouldn't have known to ask this, but I certainly can ask them though I'm not sure I understand the question. I will research it.

Thanks
Top
 Profile  
 
mandville
PostPosted: Wed Feb 22, 2012 6:55 pm 
User avatar
Joomla! Master
Joomla! Master

Joined: Mon Mar 20, 2006 1:56 am
Posts: 11628
Location: The Girly Side of Joomla in Sussex
these pages may assist in understanding the basics of it.
http://forum.cmsmadesimple.org/viewtopic.php?t=12743
http://php.net/manual/en/function.umask.php

_________________
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be added to the foe list and possibly just deleted
{Community.Connect Administrator }{ Showcase & Security Moderator}
Top
 Profile  
 
jennied53
PostPosted: Wed Feb 22, 2012 7:38 pm 
Joomla! Apprentice
Joomla! Apprentice

Joined: Sat Aug 21, 2010 1:45 pm
Posts: 34
Thank you for those links, that is very helpful.

I've had a reply from my hosting company, I'm not sure if they are talking about the same thing, but they say that if you use a one click installation of Joomla then it also installs a script which repermissions the files for security reasons.

So please, just one quick question. Which is more secure, 444 or 600 on the config file? To me 600 allows write access and is therefore seems less secure, but what do I know! 444 allows only read access.

They have said that they will amend the script if I want them to.

Thanks for your help!
Top
 Profile  
 
mandville
PostPosted: Wed Feb 22, 2012 8:20 pm 
User avatar
Joomla! Master
Joomla! Master

Joined: Mon Mar 20, 2006 1:56 am
Posts: 11628
Location: The Girly Side of Joomla in Sussex
444 is best in my book,
wonder what the script they install is. weird it keep resetting itself

_________________
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be added to the foe list and possibly just deleted
{Community.Connect Administrator }{ Showcase & Security Moderator}
Top
 Profile  
 
jennied53
PostPosted: Thu Feb 23, 2012 2:24 pm 
Joomla! Apprentice
Joomla! Apprentice

Joined: Sat Aug 21, 2010 1:45 pm
Posts: 34
It is very weird. They must have recently introduced this as it has not happened on any other one click install I've done through them. I'm beginning to think that one-click installs are to be avoided. It's so tempting as it's much quicker than uploading all the files via FTP, but if they are going to mess with the installation I'd rather do it the hard way.

I have another site I'm working on which is hosted direct by the client with 1and1, and when I used their one-click install they had messed with the installation big time. Every single folder in the installation contained a php.ini file they'd added. I had so many problems with the site I eventually deleted it and reinstalled Joomla manually. However their server wouldn't allow me to delete all the folders from the one-click install and they are still sitting there annoying me!

I'll see if I can get any more info about the script. This install is with Heart Internet by the way, in case anyone else runs into this.
Top
 Profile  
 
UWwebmaster
PostPosted: Sat Mar 10, 2012 5:49 pm 
Joomla! Apprentice
Joomla! Apprentice

Joined: Fri Mar 02, 2012 11:05 pm
Posts: 6
First I want to say thanks for posting your problem, it helped me solve mine.

I also ran into a configuration.php file that I lost write permission to (I'm sure it is somthing I did and not a security breach). Im on a GoDaddy windows hosted share BTW. I could not edit,or delete the file but I could rename it??? filezilla would not change the permisions and I couldn't access the simple:9999 thing.
What I ended up doing is this.
From the godaddy FTP manager I archived the file, I then renamed the original file ***junk.php, I then extracted the archive with the original and the file permisions were restored.

At this point I can now use filezilla to adjust the permisions. The negitive is that I still have the *Junk.php sitting there. I guess it will be my backup lol.

I hope this helps someone else that is pulling out there hair.
Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  Page 1 of 1
  [ 8 posts ] 


Board index » Joomla! 2.5 - Ask Support Questions Here » Security in Joomla! 2.5

Who is online

Users browsing this forum: dawin9 and 14 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  
Powered by phpBB® Forum Software © phpBB Group