public_html folder is changing permission into 777

Discussion regarding Joomla! 2.5 security issues.

Moderators: mandville, General Support Moderators

Krki
Joomla! Intern
Posts: 94
Joined: Wed Feb 21, 2007 7:57 pm
Location: Zagreb, Croatia

public_html folder is changing permission into 777

Post by Krki » Tue Feb 28, 2012 7:19 pm

Hello

Something in Joomla is causing public_html folder permission to change from 750 into 777.
When this happens Internal Server Error is shown until I change permission back to 750.
My website is hosted on hostgator, VPS (level three) package
After website went live, during last month it happened 10ish times.

I wonder if something similar happened to any of you and how did you track the cause of this issue?

So far I created cron task to reset folder back to 750 every 5 minutes so that I don't need to monitor it 24/7 but I would like to sort this out.

Questions:
- is it possible to track what is changing root folder permission?
- is it possible to lock public_html folder into 750 so that nothing within it can change public_html folder permission?

Any help or hint is more than welcome :)

Regards

Joomla 1.7.5
Php 5.3.8

Other components installed which are heavily used by users and might cause this:
JomSocial
Ajax ShoutBox
jBolo chat
Simple gallery pro
jReviews
EasyBlog
thumbnailer
JCE editor (not available in frontend)

mandville
Joomla! Master
Posts: 15152
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: public_html folder is changing permission into 777

Post by mandville » Tue Feb 28, 2012 11:27 pm

ok check the vel for anything on there. & i think that thumbnailer may use timthumb a naughty script (was)
you would need to check the raw logs to see what may be causing it
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}


Re: public_html folder is changing permission into 777

Post by Krki » Wed Feb 29, 2012 5:47 pm

Hi
mandville wrote: "ok check the vel for any thing on there,."
I don't understand what this "vel" means?

mandville wrote: "& i think that thumbnailer may use timthumb a naughty script (was)
you would need to check the raw logs to see what may be causing it"

Thanks for the hints. Will pay closer attention to that plugin.

I've also got hint that JomSocial may cause it. That's (for now) our most active component related to users photo uploads.

Raw log, here I come :)

Regards

lifsnetwork
Joomla! Apprentice
Posts: 6
Joined: Mon Sep 26, 2011 9:50 pm

Re: public_html folder is changing permission into 777

Post by lifsnetwork » Sat Mar 03, 2012 10:07 pm

I am having the same issue on my site, the public_html folder is being changed from 750 to 777 and crashing the site. I have traced this down to having something to do with when a member uploads a photo and only sees a default camera icon in the stream, this is when the error occurs and changes the public_html folder from 750 to 777 causing a 500 error on the site. I hope someone sees these posts and lends a hand to resolve this issue. I am running Joomla 1.7.2 and Jomsocial 2.4.2
Regards


Re: public_html folder is changing permission into 777

Post by mandville » Sat Mar 03, 2012 10:35 pm

Krki wrote: "I don't understand what this 'vel' means?"
i am shocked that after all these years in joomla you do not know what vel stands for
Last edited by mandville on Mon Mar 05, 2012 9:09 pm, edited 1 time in total.
Reason: corrected typo- underlined!

Re: public_html folder is changing permission into 777

Post by Krki » Mon Mar 05, 2012 9:01 pm

mandville wrote: "i am shocked that after all these years in joomla you do not know what vel stands for"
So what if I didn't know about that acronym?
One of my big mistakes was me thinking that I'll be done with learning after I finished college. But even today, when I'm close to my 40's, I'm spending an hour or two learning new stuff each day.
I was aware about that list, and today, thanks to you I know what VEL means.
TBH I thought that it was a typo because you are a fast typer :D

Ty & regards


Re: public_html folder is changing permission into 777

Post by mandville » Mon Mar 05, 2012 9:16 pm

should have added the mockshock at the end of my original line
the vel list has been around for 2+ years so it's almost folklore in net terms (actually it is more a horror story/nightmare for some developers)

one thing to watch for with a lot of these scripts that allow uploads, they nicely treat users as dumb, so open folders with 777 perms, but like the proverbial drunken surgeon, forget to close it up again.
that's just bad scripting, but doing it to the public_html is "despicable"

PhilD
Joomla! Hero
Posts: 2737
Joined: Sat Oct 21, 2006 10:20 pm
Location: Wisconsin USA

Re: public_html folder is changing permission into 777

Post by PhilD » Sat Mar 10, 2012 9:15 pm

At one point, and I don't know offhand if it is still true without installing the extension (which I do not intend to purchase), JomSocial allowed administrators to set 777 on photo uploads from within the JomSocial config area. Check and verify that this is not checked or otherwise enabled.
There is also a large number of recent hits on Google that indicate this (public_html permissions being changed to 777) appears to be the norm after installing/using JomSocial. From what I can tell this (777) may be done by design and if so, then the extension should not be used.
Last edited by PhilD on Sat Mar 10, 2012 9:25 pm, edited 1 time in total.
Reason: added info
PhilD


Re: public_html folder is changing permission into 777

Post by lifsnetwork » Sat Mar 10, 2012 9:20 pm

This is not a setting in Joomla 1.7.x nor is this in JomSocial 2.4.x


Re: public_html folder is changing permission into 777

Post by PhilD » Sat Mar 10, 2012 9:48 pm

Maybe, and that is why I said in the past and was not sure. I know it is not Joomla or a Joomla setting doing this, as Joomla does not manipulate permissions (exception: configuration.php to 444 after editing), but there are forum posts as recent as 3-6-12 on JomSocial forums/blog and elsewhere that question why, when JomSocial was installed/configured, the entire public_html directory suddenly had its permissions set to 777, which in many cases crashed the user's site with a 500 error message. This is indicative that many sites do not allow settings higher than 644/755 on files/directories, and an attempt to do so will result in a server error. At the very least it will cause your domain to be quickly hacked. It is also seen in various answers I researched that it is suggested that if the server errors out on 777 permissions, then server configurations be changed to allow 777, which is a Huge no no. It was also suggested in various posts that people run cron jobs to set their permissions every minute to 755/644 when using JomSocial. This is just plain a stupid idea to tie up server resources to compensate for something that should not occur in the first place, especially with an expensive paid product.
PhilD


Re: public_html folder is changing permission into 777

Post by Krki » Sat Mar 10, 2012 10:09 pm

Hi PhilD

Latest JomSocial doesn't have such option. I've also got reply from JS developers that JomSocial also doesn't do any directory permission changes. I've searched all JS directories and no chmod function is found.

I still have four more components to investigate: Jreviews, EasyBlog, Simple gallery pro and MultiThumb. Only those are doing something related to photos.

Yes I (somewhat) agree that assigning cron to chmod public_html back to 750 every x minutes isn't a good solution.
But for now, until I find what is causing it, I simply must use it or face ISE 500 error on random basis, and I need to keep our website alive as well.

Other option is to turn off default server protection which pops that error in case of 777 directories, which is IMHO not good at all.

Btw. that was me who created that recent post in JS forums about that issue.

Is it possible to install some kind of monitoring script which could track what changed pub_html folder to 777?

Thanks for your input.

Regards


Re: public_html folder is changing permission into 777

Post by mandville » Sat Mar 10, 2012 11:07 pm

Krki wrote: "MultiThumb. Only those are doing something related to photos."
actually have a look at the files in that extension - does it include timthumb?
Krki wrote: "Is it possible to install some kind of monitoring script which could track what changed pub_html folder to 777?"
check security checklist 7

Re: public_html folder is changing permission into 777

Post by PhilD » Sun Mar 11, 2012 2:22 am

I have reviewed some of the files of the latest JomSocial and can find no reason or method for elevated permissions when using the current JomSocial. I have also looked at an install of JomSocial and find nothing of concern there either.

I would look elsewhere then and under no circumstances take the advice of others and change the server configuration to allow elevated permissions.

The security checklist 7 (http://docs.joomla.org/Security_Checklist_7) has a good one-line script that can run from cron and checks the -ctime of files and provides a list of any changed files since the last time it was run. The ctime is used as it is much harder to manipulate than -mtime and is more accurate overall. Many hacker scripts provide the ability to manipulate -mtime to help hide their tracks.
PhilD
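
Added example (not part of the post above and not the Security Checklist 7 script): one way to build the ctime-based check it describes, and to record when public_html changed mode so the time can be matched against the server logs. It assumes GNU stat, date and find; the function names, the log and stamp file names and the watch.sh name are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread or from Security Checklist 7.
# Records when a directory's mode drifts and which paths changed since the
# previous run. Assumes GNU stat, date and find (-cnewer).

# Append one line to LOG and return 1 if DIR's octal mode differs from WANT.
# %Z is the inode change time (ctime): chmod updates it and tools such as
# touch cannot set it back. Creating or deleting an entry directly inside DIR
# also updates it, so read it as "the chmod happened no later than this".
check_mode() {
    dir=$1; want=$2; log=$3
    mode=$(stat -c '%a' "$dir") || return 2
    [ "$mode" = "$want" ] && return 0
    ctime=$(stat -c '%Z' "$dir")
    printf '%s drift dir=%s mode=%s expected=%s ctime=%s\n' \
        "$(date -u '+%Y-%m-%dT%H:%M:%SZ')" "$dir" "$mode" "$want" \
        "$(date -u -d "@$ctime" '+%Y-%m-%dT%H:%M:%SZ')" >> "$log"
    return 1
}

# Print every path under DIR whose ctime is newer than the stamp left by the
# previous run. The new stamp is taken before the scan, so a change made
# while find is running is reported next time instead of being missed.
# Keep the stamp outside DIR. The first run only creates the stamp.
changed_since_last_run() {
    dir=$1; stamp=$2
    touch "$stamp.new"
    if [ -e "$stamp" ]; then
        find "$dir" -cnewer "$stamp" -print
    fi
    mv "$stamp.new" "$stamp"
}

# Cron entry point (hypothetical name): watch.sh DIR MODE STATE_DIR
if [ "$#" -eq 3 ]; then
    check_mode "$1" "$2" "$3/mode_drift.log"
    changed_since_last_run "$1" "$3/last_run.stamp" >> "$3/changed_files.log"
fi
```

The ctime written to the drift log is the value to look up in the access and error logs; STATE_DIR should sit outside the web root and be writable only by the account owner.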

justmebg
Joomla! Apprentice
Posts: 16
Joined: Tue Sep 20, 2005 12:05 am

Re: public_html folder is changing permission into 777

Post by justmebg » Wed Jun 13, 2012 7:39 pm

I've been having the same issue, it's been crashing my site every week or so. I also have JomSocial and EasyBlog. If it's not JomSocial, is it possible the common element here is EasyBlog? There is a new user blog post right before this happened, but no images were uploaded. It's possible they tried to upload and it failed or something... I will ask the user and see if they can recall anything like this.

Started a thread on the EasyBlog troubleshooting forum about this: http://stackideas.com/forums/easyblog-p ... hange.html


Re: public_html folder is changing permission into 777

Post by PhilD » Thu Jun 14, 2012 5:06 pm

[ ] Download and RUN the Forum Post Assistant / FPA Instructions available here and are also included in the download package. Post the generated results in your security/been hacked topic.

It is likely you have been hacked and so also:
PhilD wrote:
Before you post your security/been hacked topic, it is suggested to do all of the following. Failure to follow the suggestions below may leave your site vulnerable to being hacked again in the future.


You must state what version of Joomla you were using when the site first became hacked. This can make a difference as to how we approach your individual situation.

[ ] Download and RUN the Forum Post Assistant / FPA Instructions available here and are also included in the download package. Post the generated results in your security/been hacked topic.

[ ] Ensure you have the latest version of Joomla for your 1.5 or 2.5 version of Joomla. Delete all files in your Joomla installation, saving a copy of the configuration.php file.

[ ] Review Vulnerable Extensions List to make sure any 3rd party extensions versions used appear on the vulnerable list.

[ ] Review and action Security Checklist 7 Make sure you've gone through all of the steps.

[ ] Scan all machines with FTP, Joomla super admin, and Joomla admin access for malware, virus, trojans, spyware, etc. Checklist 7 contains a list of recommended scanners.

[ ] Change all passwords and if possible user names for the website host control panel. Change the Joomla database user name and password.

[ ] Use proper permissions on files and directories. They should never be 777, ideal is 644 for files and 755 for directories. The configuration file can be set to 444 which is read only.

[ ] Check your htaccess for any odd code (i.e. code which is not in the standard htaccess supplied as part of the Joomla installation).

[ ] Check the crontab or Task Scheduler for unexpected jobs/tasks.

[ ] Ensure you do not have anonymous ftp enabled.

[ ] Verify individually that any non-Joomla file such as but not limited to that will be placed back on the website such as images, pdf files, files for download, and other documents and files are valid and are supposed to be part of your website.

[ ] Replace the deleted files with fresh copies of a current full version of Joomla (minus the installation directory) you downloaded earlier. Install freshly downloaded copies of any extensions and templates used on the site. If the Joomla database user name and password were changed earlier, then make the necessary changes to the configuration.php file and upload a copy to the website. Upload any non-Joomla files that are necessary for your website. Only by replacing all files in the installation (including extensions and templates) can you be sure to remove the backdoors inserted and hidden in various files and directories. More detailed information can be found in the security Checklist 7 link below.

Note: The forum post tool will work with all versions of Joomla.
PhilD

alaa77
Joomla! Apprentice
Posts: 32
Joined: Sun Apr 04, 2010 5:46 am

Re: public_html folder is changing permission into 777

Post by alaa77 » Sat Aug 25, 2012 5:40 pm

anyone could fix this ??
i am having the same problem

tislynn
Joomla! Apprentice
Posts: 10
Joined: Fri Nov 18, 2011 4:22 am

Re: public_html folder is changing permission into 777

Post by tislynn » Thu Sep 13, 2012 8:24 pm

I am having the same problem and believe it is definitely related to JomSocial.

I am having problems with people not being able to change their main profile photos on their JomSocial profiles. When they do, either the photo does not appear (neither the old one or new one) or an image of a camera appears. I have contacted JomSocial about this several times and they do not respond.

In addition, I was having problems with the public_html folder permissions being changed, but now I have traced the last two times that the permissions were changed (and the site crashed as a result) to the exact times that the user tried to change their photo and the camera image appeared. I can see the camera image in the activity stream at the time of the crash.

A third issue that I am having, which may or may not be related, but which also started when I upgraded to JomSocial 2.6, is that my 404 error pages don't work anymore. (see my other forum post) I am now wondering if it is also related. I get 500 errors for everything.

If anyone knows how to fix this please let us know.

Re: public_html folder is changing permission into 777

Post by mandville » Thu Sep 13, 2012 8:32 pm

What versions of jomsocial?

Re: public_html folder is changing permission into 777

Post by tislynn » Thu Sep 13, 2012 8:38 pm

2.6.2


Re: public_html folder is changing permission into 777

Post by alaa77 » Thu Sep 13, 2012 10:23 pm

hey.. are you on shared hosting or vps ?


Re: public_html folder is changing permission into 777

Post by tislynn » Thu Sep 13, 2012 10:25 pm

Rackspace Cloud VPS


Re: public_html folder is changing permission into 777

Post by alaa77 » Thu Sep 13, 2012 10:34 pm

ok great ..
i had the same problem with my VPS hosted with KnownHost.. which is a great host and imba support..
the problem happened when a user tries to upload a new image for their avatar or creating new albums..
i contacted knownhost..
they enabled the log and asked me if i can reproduce the error..
i did it and they have found the following errors ..
Hello,

I could see the following errors in Apache logs and I bet this is the reason behind your issue.

---
[Mon Aug 27 13:08:39 2012] [error] [client 80.90.168.24] SoftException in Application.cpp:601: Directory "/home/****/public_html" is writeable by group

[Mon Aug 27 13:08:39 2012] [error] [client 80.90.168.24] Premature end of script headers: index.php, referer:


[Mon Aug 27 13:08:39 2012] [error] [client 80.90.168.24] File does not exist: /home/****/public_html/500.shtml, referer:


[Mon Aug 27 13:08:41 2012] [error] [client 80.90.168.24] SoftException in Application.cpp:601: Directory "/home/****/public_html" is writeable by group, referer:
---

The above error was due to incorrect file/folder permissions. So, I went ahead and corrected the file/folder permissions.

that was the email i got from known host and since then my problem has been solved..
contact your host and ask them to check if you have the same error that i had in apache log.. if so they should fix it for you.


also ask them to enable mod_FCGI..
i guess you are using suPHP which is so slow compared to fast cgi handler.
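
Added example, not from the post above or the host's email: a sketch that pulls suPHP lines like the ones quoted there out of an Apache error log and lists the POST requests logged just before the first 500 response, which is where an upload that changed the mode would show up. The sample logs are constructed, and the function names, the common/combined access-log layout, GNU date and a shared time zone between both logs are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Sample data below is constructed.

# Emit "timestamp|client|path|class" for each suPHP writeable-path error.
suphp_perm_errors() {
    sed -n -E 's/^\[([^]]+)\] \[error\] \[client ([^]]+)\] SoftException in Application\.cpp:[0-9]+: (Directory|File) "([^"]+)" is writeable by ([a-z]+).*/\1|\2|\4|\5/p' "$1"
}

# Convert "Mon Aug 27 13:08:39 2012" to the access-log minute "27/Aug/2012:13:08".
# Parsing and formatting both use UTC, so the wall-clock digits are unchanged.
access_minute() {
    TZ=UTC LC_ALL=C date -d "$1" '+%d/%b/%Y:%H:%M'
}

# Print the last N POST requests logged before the first 500 response in the
# minute of the first permission error: the candidates for the mode change.
suspects_before_first_error() {
    errlog=$1; acclog=$2; n=${3:-3}
    first=$(suphp_perm_errors "$errlog" | head -n 1 | cut -d'|' -f1)
    [ -n "$first" ] || return 1
    key="[$(access_minute "$first"):"
    awk -v key="$key" -v n="$n" '
        index($0, key) && $9 == 500 { hit = 1; exit }
        $6 == "\"POST"              { buf[++c] = $0 }
        END {
            if (!hit) exit 1
            for (i = (c > n ? c - n + 1 : 1); i <= c; i++) print buf[i]
        }' "$acclog"
}

# Constructed sample logs: addresses, account name and URLs are made up.
write_sample_logs() {
    cat > "$1/error_log" <<'EOF'
[Mon Aug 27 13:08:39 2012] [error] [client 192.0.2.10] SoftException in Application.cpp:601: Directory "/home/example/public_html" is writeable by group
[Mon Aug 27 13:08:39 2012] [error] [client 192.0.2.10] Premature end of script headers: index.php
[Mon Aug 27 13:08:41 2012] [error] [client 192.0.2.11] SoftException in Application.cpp:601: Directory "/home/example/public_html" is writeable by group, referer: http://example.test/
EOF
    cat > "$1/access_log" <<'EOF'
192.0.2.20 - - [27/Aug/2012:13:05:02 +0000] "GET /index.php HTTP/1.1" 200 5120
192.0.2.21 - - [27/Aug/2012:13:07:10 +0000] "POST /index.php?option=com_example&task=login HTTP/1.1" 303 20
192.0.2.22 - - [27/Aug/2012:13:08:31 +0000] "POST /index.php?option=com_example&task=uploadAvatar HTTP/1.1" 200 812
192.0.2.10 - - [27/Aug/2012:13:08:39 +0000] "GET /index.php HTTP/1.1" 500 640
192.0.2.11 - - [27/Aug/2012:13:08:41 +0000] "GET /index.php HTTP/1.1" 500 640
EOF
}

# Usage: script ERROR_LOG ACCESS_LOG
if [ "$#" -eq 2 ]; then
    suspects_before_first_error "$1" "$2"
fi
```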

jamalqc
Joomla! Apprentice
Posts: 14
Joined: Thu Feb 18, 2010 6:21 am

Re: public_html folder is changing permission into 777

Post by jamalqc » Fri Apr 26, 2013 3:18 am

I have the same problem, every one have fix ? thank you!!


Re: public_html folder is changing permission into 777

Post by Krki » Fri Apr 26, 2013 7:18 am

Hi jamalqc

I moved my website to another host because of other reasons, and I upgraded JomSocial to latest version. I haven't noticed this problem within last 2 months.
Could be settings on new host VPS, or new JomSocial, I don't know.
Or it could be that I just missed it when it happens because of:

I still have my initial "dirty" fix running: Every 5 minutes Cron calls CHMOD command which sets public_html permissions back to 750.
With this I don't need to watch over my website non stop.

I attached file which runs CHMOD command:

#!/bin/bash
chmod 750 /home/youraccountname/public_html

Unzip "reset_public_html_perms.sh" file and edit youraccountname part so that it represents your account actual name.

After that upload it in your account root folder.
Not in public_html, just one level out from it, here:
/home/youraccountname

In your Cpanel, at bottom, click "Cron jobs" button.
In "Common settings", select "Every 5 minutes"
In "Command" paste this line:
/home/youraccountname/reset_public_html_perms.sh > /dev/null
where youraccountname represents your account name

This should work until you (or someone else) find a proper solution.

Edit: I re-uploaded modified reset_public_html_perms.zip file so that it doesn't contain my website account name, and added a little bit more explanation.

HTH :D

Regards
Last edited by Krki on Sat Apr 27, 2013 12:33 pm, edited 2 times in total.


Re: public_html folder is changing permission into 777

Post by jamalqc » Fri Apr 26, 2013 11:41 pm

Thank you very much Krki


Re: public_html folder is changing permission into 777

Post by mandville » Sat Apr 27, 2013 12:12 pm

Moderator note:
Use scripts by a 3rd party at own risk and after identifying suitability for your site.
The moderators may remove posted scripts at their discretion

akeeba admintools may also be suitable if you don't have suitable server access. but working out the underlying cause is better

Re: public_html folder is changing permission into 777

Post by Krki » Sat Apr 27, 2013 12:32 pm

jamalqc wrote: "Thank you very much Krki"
You're welcome ;)
mandville wrote: "The moderators may remove posted scripts at their discretion"
My attachment doesn't overtake user's website 8)
But if posting it breaks some rules, please remove it.

Regards


Re: public_html folder is changing permission into 777

Post by mandville » Sat Apr 27, 2013 1:08 pm

if it broke any rules it would have been removed by now. we prefer 755 for folders and of course you should check with your host
- what permissions mask new folders/files are created under
- if their server can handle a cron job every few minutes

Re: public_html folder is changing permission into 777

Post by jamalqc » Wed May 01, 2013 12:35 am

Hi Krki,

I tried your file, but it does not work....

I create file with one line:

#!/bin/bash chmod 755 /home/myuser/public_html

and i put it in /home/myuser/

and i add a cron job for calling this file reset_public_html_perms.sh like:

/home/myuser/reset_public_html_perms.sh > /dev/null

Thanks for your help


Re: public_html folder is changing permission into 777

Post by Krki » Wed May 01, 2013 8:26 am

Hi jamalqc

Maybe your hosting provider has some restrictions or different path to user files.
If you are using shared hosting, some hosting providers limit some functionality.
So far I used this script on three (VPS) hosts, and it works OK.
IMO, it would be the best for you to ask them directly:
- explain your problem
- ask them to set it up for you
On Hostgator they did it without problem

Regards

