test
Viewing 10 posts - 1 through 10 (of 10 total)
  • Author
    Posts
  • mayke Friend
    #131102

    Hi experties,

    After we do the changes in Telline.
    How do we securing our site back with the right permission, but Telline still works fine.
    And what others that we should do beside the permission issue to keep safe the site?
    Is anyone able to give me the information?

    Thank you guys.

    cgc0202 Friend
    #260982

    <em>@mayke 68012 wrote:</em><blockquote>Hi experties,

    After we do the changes in Telline.
    How do we securing our site back with the right permission, but Telline still works fine.
    And what others that we should do beside the permission issue to keep safe the site?
    Is anyone able to give me the information?

    Thank you guys.</blockquote>

    Hi mayke,

    Do you have a site that we can view? What version of Joomla are you using? I am not an expert on this, but to control registration, I use Community Builder (CB). In the Component configuration, you can specify that you have to approve whoever registers before they can login to your site. The default registration/login with Joomla does not have that feature.

    I have some problems with the new version of the Community Builder (CB), CB v1.2RC2. This maybe because of my server.

    Other customers here suggested JUGA, to control who can read specific pages, if you want. I have not used it yet.

    Cornelio

    anaivelisse Friend
    #260985

    Hi Cornelio-

    I think Mayke’s question is very important, because we have had to change server permissions from 644 to 777 in order to make alterations in the template and the modules.

    So his question is: after we finish our changes, can we revert the permissions to 644 without affecting the functionality of the sites? That’s crucial.

    cgc0202 Friend
    #260988

    <em>@anaivelisse 68031 wrote:</em><blockquote>Hi Cornelio-

    I think Mayke’s question is very important, because we have had to change server permissions from 644 to 777 in order to make alterations in the template and the modules.

    So his question is: after we finish our changes, can we revert the permissions to 644 without affecting the functionality of the sites? That’s crucial.</blockquote>

    Hi Ana,

    I understand, if you really had to do 644=>777.

    However, what changes are you referring to when you stated: ” we have had to change server permissions from 644 to 777 in order to make alterations in the template and the modules. “?

    I never did that with my Joomla installations, I use the default: 755 for directories and 644 for files from the beginning, as shown here:

    / public_html / jte15x400 / (Current Folder)
    Create New Folder
    Upload file(s)
    Up one level
    administrator 755
    cache 755
    components 755
    images 755
    includes 755
    language 755
    libraries 755
    logs 755
    media 755
    modules 755
    plugins 755
    templates 755
    tmp 755
    xmlrpc 755
    Create New File
    .htaccess 2 k 0644
    CHANGELOG.php 35 k 0644
    COPYRIGHT.php 1 k 0644
    CREDITS.php 12 k 0644
    INSTALL.php 4 k 0644
    LICENSE.php 17 k 0644
    LICENSES.php 29 k 0644
    configuration.php 2 k 0644
    configuration.php-dist 3 k 0644
    index.php 2 k 0644
    index2.php 0 k 0644
    robots.txt 0 k 0644

    Main

    I made changes in my current Joomla 1.5.4-JA Teline II v.4 (an upgraded version of the Joomla1.5.3-JA Teline II v1.4) without having to change the above default to 777 to make changes.

    What server do you use? And, why is there a need for 777?

    Cornelio

    anaivelisse Friend
    #260989

    Cornelio-

    I had to change permissions in my plug ins, component and template folders, to mention a few… My default was 644 not 755

    cgc0202 Friend
    #260991

    <em>@anaivelisse 68035 wrote:</em><blockquote>Cornelio-

    I had to change permissions in my plug ins, component and template folders, to mention a few… My default was 644 not 755</blockquote>

    Ana,

    Have you tried 755 for directories, and 644 for files, as final permissions settings? I think these are the suggested default. And, so far, I have no problems accessing the files and folders.

    I regularly change the configuration.php, css, index.php and they have always been 644. I do this via FTP.

    But, all other changes, I do through the Joomla Administrator. All my initial configurations are as shown above.

    Cornelio

    mayke Friend
    #261012

    <em>@anaivelisse 68031 wrote:</em><blockquote>Hi Cornelio-

    I think Mayke’s question is very important, because we have had to change server permissions from 644 to 777 in order to make alterations in the template and the modules.

    So his question is: after we finish our changes, can we revert the permissions to 644 without affecting the functionality of the sites? That’s crucial.</blockquote>

    Thank you Anna,

    You make everything more sharp and clear for what I am aiming for.
    Is very important to find out the ‘basic’ permission setting for Telline & joomla.
    Need learn a lot from you guys.

    mj1256 Friend
    #261016

    I have my own server and I run phpSuExec so nothing is ever given 777.

    here is a joomla tutorial on phpSuExec

    Permissions Under phpSuExec

    hostgator and many other hosting providers have this as standard install

    it solves many security issues, especially the injection and running of malicious scripts

    check it out

    mayke Friend
    #261048

    <em>@cgc0202 68037 wrote:</em><blockquote>Ana,

    Have you tried 755 for directories, and 644 for files, as final permissions settings? I think these are the suggested default. And, so far, I have no problems accessing the files and folders.

    I regularly change the configuration.php, css, index.php and they have always been 644. I do this via FTP.

    But, all other changes, I do through the Joomla Administrator. All my initial configurations are as shown above.

    Cornelio</blockquote>

    Hi Cornelio,

    Thank you for the great tutorial Cornelio!
    The reason I am asking is after read the articles from Dart Creation: how to Securing your Joomla! Website, then trying using JOOMLA DIAGNOSTICS diagnostics.php and upload it to my server, the results is amazing, too many warning and too many changes that I don’t know where is coming from Teline or joomla or me. Have you try this?
    Beside the Joomla it self forsure I need to find out on how to Securing your “Teline II Template”.
    I loved Teline II V1.4 too bad.

    Thank you guys.

    cgc0202 Friend
    #261053

    <em>@mayke 68100 wrote:</em><blockquote>Hi Cornelio,

    Thank you for the great tutorial Cornelio!
    The reason I am asking is after read the articles from Dart Creation: how to Securing your Joomla! Website, then trying using JOOMLA DIAGNOSTICS diagnostics.php and upload it to my server, the results is amazing, too many warning and too many changes that I don’t know where is coming from Teline or joomla or me. Have you try this?
    Beside the Joomla it self forsure I need to find out on how to Securing your “Teline II Template”.
    I loved Teline II V1.4 too bad.

    Thank you guys.</blockquote>

    Mayke,

    I am afraid I am not as up to date with Joomla security yet. I understand there are quite a few security risks. Starting with the registration. One of our goals in the Collaborative Support Group is for us to help each other find the resources needed.

    Because Joomla is strictly voluntary, they can only so much. For example there is already a white paper on how to improve the security of registration and login, since even before they even finished Joomla 1.5x, but those plans are on hold until Joomla 1.6.

    Cornelio

Viewing 10 posts - 1 through 10 (of 10 total)

This topic contains 10 replies, has 4 voices, and was last updated by  cgc0202 16 years, 5 months ago.

We moved to new unified forum. Please post all new support queries in our New Forum