• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 253
  • Last Modified:

How to safe the website from attacks despite write permission

I have installes a CMS on a webpage which is been hosted on a:
Apache/2.2.6 (Unix) PHP/5.2.4 with Suhosin-Patch mod_ssl/2.2.6 OpenSSL/0.9.7m mod_apreq2-20051231/2.6.0 mod_perl/2.0.3 Perl/v5.8.7 wenserver.

This CMS needs Create/Write/Delete permissions "770" on all folders and all subfolders. The hosting provider comments:
No possible to grant such permissions on our webserver. Earlier as we did so, we had every day lots of attacks with PHP on our server. and he asks what to do now?

I think he shouldn't have a good knowledge and I also don't know if there is a solution for this issue in the world? May you please help us?
Thanks in advance
0
Shareece
Asked:
Shareece
1 Solution
 
tvman_odCommented:
Normally your hosting should provide you with its CMS.
If it's possible, run a separate web server (process, not hardware) on non-standard port with limited access from trusted networks just for CMS.

In most cases popular CMS have well known security issues, so attackers can find it relatively fast.
0
 
BlazCommented:
The permissions Create/Write/Delete permissions are probabaly related only to the folders in your web, not the whole system right?

Note that CreateWrite/Delete permissions for files are 660 and not 770. But folders must have 770 permissions. I would guess that permissions on the files only need to be 600 if the owner of the file is correctly set.

Also for the file with 770 (or 660 or 600) no access is allowed to "all users" - only to file owner and owner group. So in order to access and change the files whatever way you need to have a 600 permission to some user. The cruical question (security wise) is what user are you giving access to - and the answer is probably apache user.

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now