How to safe the website from attacks despite write permission

Posted on 2007-11-27
Medium Priority
Last Modified: 2010-04-22
I have installes a CMS on a webpage which is been hosted on a:
Apache/2.2.6 (Unix) PHP/5.2.4 with Suhosin-Patch mod_ssl/2.2.6 OpenSSL/0.9.7m mod_apreq2-20051231/2.6.0 mod_perl/2.0.3 Perl/v5.8.7 wenserver.

This CMS needs Create/Write/Delete permissions "770" on all folders and all subfolders. The hosting provider comments:
No possible to grant such permissions on our webserver. Earlier as we did so, we had every day lots of attacks with PHP on our server. and he asks what to do now?

I think he shouldn't have a good knowledge and I also don't know if there is a solution for this issue in the world? May you please help us?
Thanks in advance
Question by:Shareece
LVL 11

Expert Comment

ID: 20362875
Normally your hosting should provide you with its CMS.
If it's possible, run a separate web server (process, not hardware) on non-standard port with limited access from trusted networks just for CMS.

In most cases popular CMS have well known security issues, so attackers can find it relatively fast.
LVL 16

Accepted Solution

Blaz earned 2000 total points
ID: 20363811
The permissions Create/Write/Delete permissions are probabaly related only to the folders in your web, not the whole system right?

Note that CreateWrite/Delete permissions for files are 660 and not 770. But folders must have 770 permissions. I would guess that permissions on the files only need to be 600 if the owner of the file is correctly set.

Also for the file with 770 (or 660 or 600) no access is allowed to "all users" - only to file owner and owner group. So in order to access and change the files whatever way you need to have a 600 permission to some user. The cruical question (security wise) is what user are you giving access to - and the answer is probably apache user.


Featured Post

A proven path to a career in data science

At Springboard, we know how to get you a job in data science. With Springboard’s Data Science Career Track, you’ll master data science  with a curriculum built by industry experts. You’ll work on real projects, and get 1-on-1 mentorship from a data scientist.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

In part one, we reviewed the prerequisites required for installing SQL Server vNext. In this part we will explore how to install Microsoft's SQL Server on Ubuntu 16.04.
This article explains how to use the rsync command to create backups and sync data across hosts. Rsync is a very useful command that is often used to copy data, make backups, migrate hosts, and bridge the gap between site staging and production envi…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question