Forum Post Assistant / FPA Discussion

This Forum board is about discussions about the FPA tool.

Moderator: General Support Moderators

bmareal
Joomla! Fledgling
Joomla! Fledgling
Posts: 4
Joined: Mon Apr 01, 2013 10:37 pm

Re: Forum Post Assistant / FPA Discussion

Post by bmareal » Mon Apr 01, 2013 10:43 pm

I'm trying to run de FPA on my site, but i can't get any results.

Turning on the diagnostic-mode is giving me the following message:
PHP Warning: readdir() expects parameter 1 to be resource, boolean given in /home/*****/public_html/fpa-en.php on line 1476

the script is in the same directory where joomla is installed, and all the folders seem to have the right permissions...

Any ideias?

User avatar
PhilD
Joomla! Hero
Joomla! Hero
Posts: 2734
Joined: Sat Oct 21, 2006 10:20 pm
Location: Wisconsin USA
Contact:

Re: Forum Post Assistant / FPA Discussion

Post by PhilD » Mon Apr 01, 2013 10:52 pm

It is unable to read one or more directories. Do you have any set to less than 755? Perhaps your host set some malware directories to something like 000 or a hack set some odd permissions on directories?
PhilD -- Unrequested PM's and/or emails may not get a response.
Security Moderator

bmareal
Joomla! Fledgling
Joomla! Fledgling
Posts: 4
Joined: Mon Apr 01, 2013 10:37 pm

Re: Forum Post Assistant / FPA Discussion

Post by bmareal » Mon Apr 01, 2013 11:07 pm

PhilD wrote:It is unable to read one or more directories. Do you have any set to less than 755? Perhaps your host set some malware directories to something like 000 or a hack set some odd permissions on directories?
yeah... i want to run the fpa exactly because i need to figure out if i was hacked, so the odd permissions are always a possibility. I can't see any folders with permissions below 755 though, and everywhere i looked seemed right... but i'm looking only to the folders using the cpanel file manager.

Any suggestion of a way to check the folder/subfolder permissions? I would like to check if something is wrong before starting to make changes to files and folders...

User avatar
leolam
Joomla! Master
Joomla! Master
Posts: 19553
Joined: Mon Aug 29, 2005 10:17 am
Location: Netherlands/ UK/ S'pore/Jakarta/ North America
Contact:

Re: Forum Post Assistant / FPA Discussion

Post by leolam » Tue Apr 02, 2013 4:43 pm

As Phil asked also: Is your public_html folder set to '750' or '000' (means locked)

In general just install Admin Tools and have Admin Tools set for you all permissions automatically to 755 and 644 ina your entire site

Leo 8)
Joomla's #1 Professional Support Provider:
-> Joomla Professional Support: https://gws-desk.com -
-> Joomla Specialized Hosting Solutions: https://gws-host.com -
-> Joomla Webmaster Services: gws-webmaster.services

bmareal
Joomla! Fledgling
Joomla! Fledgling
Posts: 4
Joined: Mon Apr 01, 2013 10:37 pm

Re: Forum Post Assistant / FPA Discussion

Post by bmareal » Thu Apr 04, 2013 12:37 am

Oh, i didn't got that... sorry!

My public_html file is set to '750'. I figured out that i had another random (non-jomla) folder set to '000' from a previously failed upload or something.

I'm able to run JPA now, tanx for the hints!

I can't figure out anything wrong in the report, but i should create a different post for that, right? :)

User avatar
PhilD
Joomla! Hero
Joomla! Hero
Posts: 2734
Joined: Sat Oct 21, 2006 10:20 pm
Location: Wisconsin USA
Contact:

Re: Forum Post Assistant / FPA Discussion

Post by PhilD » Thu Apr 04, 2013 10:27 am

Yes, create a post in the appropriate forum so we can help.
PhilD -- Unrequested PM's and/or emails may not get a response.
Security Moderator

Heart
Joomla! Intern
Joomla! Intern
Posts: 50
Joined: Fri Aug 19, 2005 11:42 am
Location: near Munich

Re: Forum Post Assistant / FPA Discussion

Post by Heart » Mon Apr 29, 2013 12:18 pm

General question... I was hacked and had a few trojans in the /tmp folder. So I used fpa (and other check scripts) to find illegal files in my joomla root and subfolders.

What I have now are the following new mysql databases named "bf_core_hashes, bf_files, bf_folders,
bf_folders_to_scan und bf_scan_state" and I don't know if these came from fpa, or from the myjoomla.com a udit, or is this from the trojan I had, or or or ....!?
You do not have the required permissions to view the files attached to this post.
Regards,
Heart

User avatar
PhilTaylor-Prazgod
Joomla! Ace
Joomla! Ace
Posts: 1193
Joined: Sat Aug 20, 2005 12:32 pm
Location: Jersey, Channel Islands
Contact:

Re: Forum Post Assistant / FPA Discussion

Post by PhilTaylor-Prazgod » Mon Apr 29, 2013 12:26 pm

Tables prefixed with bf_ (and not your db prefix like jos_bf_*) are created by the myJoomla.com web service and be safely deleted at any time. They will be regenerated each time you run an audit using the security service at myJoomla.com

If you have any further questions about the service of myJoomla.com please contact me directly using the contact form on the website. I do not monitor this forum :-)

Kindest regards
Phil.
Phil Taylor - Full Time Joomla/PHP Security Expert
Blue Flame Digital Solutions Limited.
-- https://myJoomla.com/ Multi Award Winning Joomla Security & Auditing Service
-- https://www.phil-taylor.com/

User avatar
PhilD
Joomla! Hero
Joomla! Hero
Posts: 2734
Joined: Sat Oct 21, 2006 10:20 pm
Location: Wisconsin USA
Contact:

Re: Forum Post Assistant / FPA Discussion

Post by PhilD » Mon Apr 29, 2013 12:56 pm

Thanks Phil for explaining the tables existence.
PhilD -- Unrequested PM's and/or emails may not get a response.
Security Moderator

the_observer
Joomla! Apprentice
Joomla! Apprentice
Posts: 38
Joined: Mon Feb 05, 2007 11:21 am

Re: Forum Post Assistant / FPA Discussion

Post by the_observer » Mon Apr 29, 2013 1:18 pm

where can i download FPA ?

The links existing are just downloading a *zip file which is empty.

Thank you for your time reading this.

Regards,
the_observer.

User avatar
leolam
Joomla! Master
Joomla! Master
Posts: 19553
Joined: Mon Aug 29, 2005 10:17 am
Location: Netherlands/ UK/ S'pore/Jakarta/ North America
Contact:

Re: Forum Post Assistant / FPA Discussion

Post by leolam » Mon Apr 29, 2013 2:36 pm

the_observer wrote:The links existing are just downloading a *zip file which is empty.
I confirm this and I have contacted the moderators on this

Leo 8)
Joomla's #1 Professional Support Provider:
-> Joomla Professional Support: https://gws-desk.com -
-> Joomla Specialized Hosting Solutions: https://gws-host.com -
-> Joomla Webmaster Services: gws-webmaster.services

User avatar
PhilD
Joomla! Hero
Joomla! Hero
Posts: 2734
Joined: Sat Oct 21, 2006 10:20 pm
Location: Wisconsin USA
Contact:

Re: Forum Post Assistant / FPA Discussion

Post by PhilD » Mon Apr 29, 2013 2:54 pm

The links are correct, but I think there is currently an issue with the zipball service of github.
PhilD -- Unrequested PM's and/or emails may not get a response.
Security Moderator

User avatar
leolam
Joomla! Master
Joomla! Master
Posts: 19553
Joined: Mon Aug 29, 2005 10:17 am
Location: Netherlands/ UK/ S'pore/Jakarta/ North America
Contact:

Re: Forum Post Assistant / FPA Discussion

Post by leolam » Mon Apr 29, 2013 3:04 pm

Thanks Phil for the prompt reply!

Leo
Joomla's #1 Professional Support Provider:
-> Joomla Professional Support: https://gws-desk.com -
-> Joomla Specialized Hosting Solutions: https://gws-host.com -
-> Joomla Webmaster Services: gws-webmaster.services

User avatar
PhilD
Joomla! Hero
Joomla! Hero
Posts: 2734
Joined: Sat Oct 21, 2006 10:20 pm
Location: Wisconsin USA
Contact:

Re: Forum Post Assistant / FPA Discussion

Post by PhilD » Mon Apr 29, 2013 4:40 pm

As a temporary measure while I sort the GitHub issues, I have uploaded a zip version of the FPA file and docs to the Forum Post Assistant / FPA topic in the 2.5 security forum.
http://forum.joomla.org/viewtopic.php?f=621&t=582860

File that is attached is named FPA-en-GB.zip
PhilD -- Unrequested PM's and/or emails may not get a response.
Security Moderator

User avatar
PhilD
Joomla! Hero
Joomla! Hero
Posts: 2734
Joined: Sat Oct 21, 2006 10:20 pm
Location: Wisconsin USA
Contact:

Re: Forum Post Assistant / FPA Discussion

Post by PhilD » Tue Apr 30, 2013 3:38 pm

Update.
The normally reliable GitHub had some issues yesterday that affected some repositories. The FPA repository was one of those affected.

The links to the FPA Github download have been restored to the Forum Post Assistant / FPA topic in the 2.5 security forum. http://forum.joomla.org/viewtopic.php?f=621&t=582860
PhilD -- Unrequested PM's and/or emails may not get a response.
Security Moderator

webolution
Joomla! Apprentice
Joomla! Apprentice
Posts: 22
Joined: Fri Jan 30, 2009 10:10 pm

Re: Forum Post Assistant / FPA Discussion

Post by webolution » Tue May 14, 2013 2:57 pm

I am attempting to run FPS for the first time on one of my sites and have run into the following error and I am not sure how to handle it and Google has been no help...

Array ( [0] => apache_child_terminate [1] => apache_request_headers [2] => apache_response_headers [3] => getallheaders )

Thanks for any assistance.

R3yisgood
Joomla! Apprentice
Joomla! Apprentice
Posts: 5
Joined: Wed Jun 12, 2013 8:43 pm

Re: Forum Post Assistant / FPA Discussion

Post by R3yisgood » Thu Jun 13, 2013 7:51 am

hi

i tried to run fpa from my browser and this the results

Parse error: syntax error, unexpected $end in /home/k4724275/public_html/fpa-en.php on line 5609

whats wrong?

gk_theodore
Joomla! Apprentice
Joomla! Apprentice
Posts: 16
Joined: Sun Mar 03, 2013 6:06 pm

Re: Forum Post Assistant / FPA Discussion

Post by gk_theodore » Fri Jul 12, 2013 8:53 pm

Dear All,

In my WIMP (Windows/IIS/MySQL/PHP) stack, FPA always reports folder permissions as 777.
No matter what I do: Take ownership, make me the sole owner, give no one permissions but myself and even that, give myself only Read permission it still says: 777.

Can somebody confirm / replicate this?

Thank you,
---
Theodore.

User avatar
Per Yngve Berg
Joomla! Master
Joomla! Master
Posts: 25770
Joined: Mon Oct 27, 2008 9:27 pm
Location: Akershus, Norway

Re: Forum Post Assistant / FPA Discussion

Post by Per Yngve Berg » Fri Jul 12, 2013 9:39 pm

The Windows File System does not have an access permission based on owner. Therefore it always shows 3 equal numbers.

gk_theodore
Joomla! Apprentice
Joomla! Apprentice
Posts: 16
Joined: Sun Mar 03, 2013 6:06 pm

Re: Forum Post Assistant / FPA Discussion

Post by gk_theodore » Sun Jul 14, 2013 8:32 am

Per Yngve Berg wrote:The Windows File System does not have an access permission based on owner. Therefore it always shows 3 equal numbers.
Thank you for your reply.
Why then the numbers are 7 (Full Control) even if I only give Read-Only perms to the owner?

User avatar
PhilD
Joomla! Hero
Joomla! Hero
Posts: 2734
Joined: Sat Oct 21, 2006 10:20 pm
Location: Wisconsin USA
Contact:

Re: Forum Post Assistant / FPA Discussion

Post by PhilD » Tue Jul 16, 2013 3:29 pm

See this doc page for an explanation of windows file permissions and how to relate them to unix file permissions.

Most local development servers and the computers they run on are not intended or set up properly for permissions/ownerships and should not be used for live hosting.

The FPA reports the effective permissions that are seen by the php process run by the web server. So if it (FPA) reports 777 then that is the effective permissions seen by the web server installed on the computer. It can be a pain to properly setup the ownerships and permissions under standard windows installs and pass those permissions to the webserver properly.
PhilD -- Unrequested PM's and/or emails may not get a response.
Security Moderator

gk_theodore
Joomla! Apprentice
Joomla! Apprentice
Posts: 16
Joined: Sun Mar 03, 2013 6:06 pm

Re: Forum Post Assistant / FPA Discussion

Post by gk_theodore » Tue Jul 16, 2013 4:00 pm

PhilD wrote:See this doc page for an explanation of windows file permissions and how to relate them to unix file permissions.
...
There is no link but I believe you mean the following:
http://docs.joomla.org/How_do_Windows_f ... ns_work%3F

So, you're saying that you (or somebody else) have tried FPA in an NTFS environment and found it to properly report permissions?
(Other than 777 obviously)

User avatar
PhilD
Joomla! Hero
Joomla! Hero
Posts: 2734
Joined: Sat Oct 21, 2006 10:20 pm
Location: Wisconsin USA
Contact:

Re: Forum Post Assistant / FPA Discussion

Post by PhilD » Tue Jul 16, 2013 4:56 pm

Yea that's the one, sorry I forgot the link.....
PhilD -- Unrequested PM's and/or emails may not get a response.
Security Moderator

User avatar
PhilD
Joomla! Hero
Joomla! Hero
Posts: 2734
Joined: Sat Oct 21, 2006 10:20 pm
Location: Wisconsin USA
Contact:

Re: Forum Post Assistant / FPA Discussion

Post by PhilD » Tue Jul 16, 2013 6:00 pm

I'm not going to claim to be any expert on permissions and acl settings in windows.

I believe the original author of the FPA did testing on Unix and IIs boxes and I believe the methods used are proven correct in those environments.

The FPA is written in php and uses a standard php calls for determining the effective permission levels, and ownerships, and reports the permissions as they are reported to the php process.

Running a *amp (xamp, wamp, etc) install under windows is vastly different than running an actual IIs server. *amp installs are not by default secure, nor are intended to be secure out of the box and are generally intended to be a development environment for testing. When running a *amp install, the ports of the apache server, mysql server, cgi, and php etc. are running on top of the windows install. Most windows do not have the correct settings for server use and the install will inherit the permissions, groups, etc. of the current user which are normally incorrect.
PhilD -- Unrequested PM's and/or emails may not get a response.
Security Moderator

gk_theodore
Joomla! Apprentice
Joomla! Apprentice
Posts: 16
Joined: Sun Mar 03, 2013 6:06 pm

Re: Forum Post Assistant / FPA Discussion

Post by gk_theodore » Tue Jul 16, 2013 7:29 pm

PhilD wrote: ...
I believe the original author of the FPA did testing on Unix and IIs boxes and I believe the methods used are proven correct in those environments.
...
I believe it so, but as I am sure you undertand, beliefs and hopes don't have any substance in this context do they?
PhilD wrote: ...
Running a *amp (xamp, wamp, etc) install under windows is vastly different than running an actual IIs server. *amp installs are not by default secure, nor are intended to be secure out of the box and are generally intended to be a development environment for testing.
...
I never ran an *amp install and never said I did. I said I am running a WIMP STACK!
That is:
On a running Windows Server 2003 machine I installed IIS6 as per MS directions.
After that I installed MySQL.
After that I installed PHP, taking every care to install it properly and securely.
PhilD wrote: I'm not going to claim to be any expert on permissions and acl settings in windows.
...
I never claimed papal infallibility either! I could very well be mistaken!
But somebody PROVE me wrong and I will happily shout: "Mea culpa!"

webmuse
Joomla! Apprentice
Joomla! Apprentice
Posts: 21
Joined: Fri Jul 09, 2010 4:39 pm

Re: Forum Post Assistant / FPA Discussion

Post by webmuse » Tue Jul 16, 2013 8:23 pm

Found a minor bug in the code.

When pulling values out of the configuration.php file, it ignores if a value is inside a comment. I have one file that I can update for use locally or on the production server, so I have commented out a line that reads:

Code: Select all

// public $host = 'localhost';
This line was immediately before the line used by the system.

For this reason, I wasn't getting any of the database info, since my hosting provider uses a db running at a different url.
Once I changed the order of these lines, then fpa picked up the correct value.

It should be easy to have preg_match detect a line starting with '//', but it might require removal of all /* ... */ comments before extracting information.

Hope this might help others who want to see info that is not coming thru.

WebMuse

User avatar
PhilD
Joomla! Hero
Joomla! Hero
Posts: 2734
Joined: Sat Oct 21, 2006 10:20 pm
Location: Wisconsin USA
Contact:

Re: Forum Post Assistant / FPA Discussion

Post by PhilD » Tue Jul 16, 2013 10:24 pm

I'll add it to the list of suggestions
PhilD -- Unrequested PM's and/or emails may not get a response.
Security Moderator

rygel
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Sat Aug 17, 2013 7:09 am

Re: Forum Post Assistant / FPA Discussion

Post by rygel » Sat Aug 17, 2013 8:24 am

webolution wrote:I am attempting to run FPS for the first time on one of my sites and have run into the following error and I am not sure how to handle it and Google has been no help...

Array ( [0] => apache_child_terminate [1] => apache_request_headers [2] => apache_response_headers [3] => getallheaders )

Thanks for any assistance.
I have the same problem. Is there any solution?

Ir1sh
Joomla! Apprentice
Joomla! Apprentice
Posts: 19
Joined: Mon Aug 19, 2013 9:47 pm

Re: Forum Post Assistant / FPA Discussion

Post by Ir1sh » Fri Aug 23, 2013 7:38 pm

One of the sites I just inherited has definitely been compromised. I have downloaded the fpa tool and have been trying to run it.

Unfortunately rackspace has its cloud sites set to timeout after 30 seconds which dosnt seem to be long enough for the tool to run and return the results. I have tried to change the max execution time in the script itself but it turns out that no matter what I do with the php rackspaces load balancers are set to time out after 30 seconds. I can run this script as a cron job but I dont think I can see the output then.

Can anyone tell me how to modify the script so that it exports the results to a new file in the same dir as the script? that way I can visit that page and view the results after the script has run.

ayubjon
Joomla! Apprentice
Joomla! Apprentice
Posts: 9
Joined: Tue Jul 30, 2013 6:58 am

Re: Forum Post Assistant / FPA Discussion

Post by ayubjon » Thu Oct 03, 2013 9:48 am

As of today those links tothe Github is not working. Is there any other place from where I can download the FPA?


Post Reply

Return to “Forum Post Assistant (FPA)”