Solved

How to safe the website from attacks despite write permission

Posted on 2007-11-27
2
229 Views
Last Modified: 2010-04-22
I have installes a CMS on a webpage which is been hosted on a:
Apache/2.2.6 (Unix) PHP/5.2.4 with Suhosin-Patch mod_ssl/2.2.6 OpenSSL/0.9.7m mod_apreq2-20051231/2.6.0 mod_perl/2.0.3 Perl/v5.8.7 wenserver.

This CMS needs Create/Write/Delete permissions "770" on all folders and all subfolders. The hosting provider comments:
No possible to grant such permissions on our webserver. Earlier as we did so, we had every day lots of attacks with PHP on our server. and he asks what to do now?

I think he shouldn't have a good knowledge and I also don't know if there is a solution for this issue in the world? May you please help us?
Thanks in advance
0
Comment
Question by:Shareece
2 Comments
 
LVL 11

Expert Comment

by:tvman_od
ID: 20362875
Normally your hosting should provide you with its CMS.
If it's possible, run a separate web server (process, not hardware) on non-standard port with limited access from trusted networks just for CMS.

In most cases popular CMS have well known security issues, so attackers can find it relatively fast.
0
 
LVL 16

Accepted Solution

by:
Blaz earned 500 total points
ID: 20363811
The permissions Create/Write/Delete permissions are probabaly related only to the folders in your web, not the whole system right?

Note that CreateWrite/Delete permissions for files are 660 and not 770. But folders must have 770 permissions. I would guess that permissions on the files only need to be 600 if the owner of the file is correctly set.

Also for the file with 770 (or 660 or 600) no access is allowed to "all users" - only to file owner and owner group. So in order to access and change the files whatever way you need to have a 600 permission to some user. The cruical question (security wise) is what user are you giving access to - and the answer is probably apache user.

0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Suggested Solutions

Setting up Secure Ubuntu server on VMware 1.      Insert the Ubuntu Server distribution CD or attach the ISO of the CD which is in the “Datastore”. Note that it is important to install the x64 edition on servers, not the X86 editions. 2.      Power on th…
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now