Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

How to safe the website from attacks despite write permission

Posted on 2007-11-27
2
Medium Priority
?
250 Views
Last Modified: 2010-04-22
I have installes a CMS on a webpage which is been hosted on a:
Apache/2.2.6 (Unix) PHP/5.2.4 with Suhosin-Patch mod_ssl/2.2.6 OpenSSL/0.9.7m mod_apreq2-20051231/2.6.0 mod_perl/2.0.3 Perl/v5.8.7 wenserver.

This CMS needs Create/Write/Delete permissions "770" on all folders and all subfolders. The hosting provider comments:
No possible to grant such permissions on our webserver. Earlier as we did so, we had every day lots of attacks with PHP on our server. and he asks what to do now?

I think he shouldn't have a good knowledge and I also don't know if there is a solution for this issue in the world? May you please help us?
Thanks in advance
0
Comment
Question by:Shareece
2 Comments
 
LVL 11

Expert Comment

by:tvman_od
ID: 20362875
Normally your hosting should provide you with its CMS.
If it's possible, run a separate web server (process, not hardware) on non-standard port with limited access from trusted networks just for CMS.

In most cases popular CMS have well known security issues, so attackers can find it relatively fast.
0
 
LVL 16

Accepted Solution

by:
Blaz earned 2000 total points
ID: 20363811
The permissions Create/Write/Delete permissions are probabaly related only to the folders in your web, not the whole system right?

Note that CreateWrite/Delete permissions for files are 660 and not 770. But folders must have 770 permissions. I would guess that permissions on the files only need to be 600 if the owner of the file is correctly set.

Also for the file with 770 (or 660 or 600) no access is allowed to "all users" - only to file owner and owner group. So in order to access and change the files whatever way you need to have a 600 permission to some user. The cruical question (security wise) is what user are you giving access to - and the answer is probably apache user.

0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Fine Tune your automatic Updates for Ubuntu / Debian
I have written articles previously comparing SARDU and YUMI.  I also included a couple of lines about Easy2boot (easy2boot.com).  I have now been using, and enjoying easy2boot as my sole multiboot utility for some years and realize that it deserves …
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Suggested Courses
Course of the Month14 days, 1 hour left to enroll

581 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question