osCommerce

The e-commerce.

Hacker attacks


dandelion

Dandelion:

 

I am in the same boat as you. I know that when I installed my version of MS2.2 I was asked to chmod 777 those same folders.

 

Eww and Vger:

 

You guys say the solution is simple.. move! What if I have multiple installations on multiple domains for multiple clients? Not so simple now is it?

 

Other than moving, does anyone have a real solution?

 

I realise it probably has to do with PHP creating files owned by "nobody". But how can we change this?

 

Those of you who have your folder permissions set to 755, who is the owner of files created by PHP? For example your Admin uploaded images?

 

How can I change this setting for PHP?

 

Remo

Read the last post here: click me

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Regarding Cooch's post on Jun 21 2008 on page 2 of this thread:

 

Cooch put forward a method of CHMOD'ing the directory to 777 (via ftp) you are uploading to before the upload, and then CHMOD'ing the directory back to 755 after the upload and he proposed that it be done in the admin/categories.php file.

 

I got it to work as Cooch intended, however, I am interested in actually adding this functionality to the admin/includes/classes/upload.php class but I have a few questions first.

 

Does anyone know if this method is safe?

Can this file then be used by hackers to CHMOD other directories for their benefit?

Are there any other security holes that might be opened up by this method?

Does anyone know if this has already been done?

 

Thanks

 

R

If a hacker came along when the folder was at 777 permissions (while you were in the middle of doing whatever it was you were doing) you'd still get hacked, so no it's not totally "safe".

:(

If it makes you feel any better I actually tested it and it did stop a PHP file from running, so I assume it would work just as well on the other types of scripts it disallows.

;)

Archived

This topic is now archived and is closed to further replies.
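
Added example, not code from any poster in this thread: a shell audit for the two questions raised above, namely which directories under a web root are world-writable (777-style) and who owns the files inside them. It also tags script files found in such a directory. The function names and the extension list are assumptions made for the example, and it relies on `stat -c` as provided by GNU coreutils or BusyBox.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes `stat -c` (GNU coreutils or
# BusyBox) and file names without embedded newlines.

# Print every world-writable directory under $1 as: DIR <mode> <owner> <path>
list_writable_dirs() {
    find "$1" -type d -perm -0002 -exec stat -c 'DIR %a %U %n' {} +
}

# Print the files directly inside each world-writable directory as
# <tag> <mode> <owner> <path>. The owner column shows which account wrote
# the file (for PHP uploads, the account the web server runs as). Files with
# a script extension are tagged SCRIPT, since an upload folder should not
# hold anything the server could execute; all others are tagged FILE.
list_files_in_writable_dirs() {
    find "$1" -type d -perm -0002 | while IFS= read -r dir; do
        find "$dir" -maxdepth 1 -type f | while IFS= read -r f; do
            lower=$(printf '%s' "$f" | tr 'A-Z' 'a-z')
            case "$lower" in
                *.php|*.php[0-9]|*.phtml|*.pl|*.cgi|*.py|*.sh) tag=SCRIPT ;;
                *) tag=FILE ;;
            esac
            stat -c "$tag %a %U %n" "$f"
        done
    done
}

# Full report for web root $1. Returns 0 when nothing is world-writable,
# 1 (after printing the report) when at least one directory is.
audit_webroot() {
    report=$(list_writable_dirs "$1"; list_files_in_writable_dirs "$1")
    if [ -z "$report" ]; then
        return 0
    fi
    printf '%s\n' "$report"
    return 1
}

# Stand-alone use: sh audit.sh /path/to/webroot
if [ "$#" -gt 0 ]; then
    audit_webroot "$1"
fi
```

Run from cron against each installation's root, the non-zero exit status makes it easy to alert when a directory has been left at 777 after an upload.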
