-
AuthorPosts
-
mayke Friend
mayke
- Join date:
- May 2008
- Posts:
- 281
- Downloads:
- 0
- Uploads:
- 1
- Thanks:
- 55
- Thanked:
- 13 times in 1 posts
July 20, 2008 at 8:49 pm #131102Hi experties,
After we do the changes in Telline.
How do we securing our site back with the right permission, but Telline still works fine.
And what others that we should do beside the permission issue to keep safe the site?
Is anyone able to give me the information?Thank you guys.
cgc0202 Friend
cgc0202
- Join date:
- August 2007
- Posts:
- 2244
- Downloads:
- 0
- Uploads:
- 3
- Thanks:
- 206
- Thanked:
- 262 times in 1 posts
July 20, 2008 at 10:34 pm #260982<em>@mayke 68012 wrote:</em><blockquote>Hi experties,
After we do the changes in Telline.
How do we securing our site back with the right permission, but Telline still works fine.
And what others that we should do beside the permission issue to keep safe the site?
Is anyone able to give me the information?Thank you guys.</blockquote>
Hi mayke,
Do you have a site that we can view? What version of Joomla are you using? I am not an expert on this, but to control registration, I use Community Builder (CB). In the Component configuration, you can specify that you have to approve whoever registers before they can login to your site. The default registration/login with Joomla does not have that feature.
I have some problems with the new version of the Community Builder (CB), CB v1.2RC2. This maybe because of my server.
Other customers here suggested JUGA, to control who can read specific pages, if you want. I have not used it yet.
Cornelio
anaivelisse Friend
anaivelisse
- Join date:
- May 2008
- Posts:
- 155
- Downloads:
- 0
- Uploads:
- 13
- Thanks:
- 27
- Thanked:
- 18 times in 1 posts
July 20, 2008 at 10:54 pm #260985Hi Cornelio-
I think Mayke’s question is very important, because we have had to change server permissions from 644 to 777 in order to make alterations in the template and the modules.
So his question is: after we finish our changes, can we revert the permissions to 644 without affecting the functionality of the sites? That’s crucial.
cgc0202
- Join date:
- August 2007
- Posts:
- 2244
- Downloads:
- 0
- Uploads:
- 3
- Thanks:
- 206
- Thanked:
- 262 times in 1 posts
July 20, 2008 at 11:23 pm #260988<em>@anaivelisse 68031 wrote:</em><blockquote>Hi Cornelio-
I think Mayke’s question is very important, because we have had to change server permissions from 644 to 777 in order to make alterations in the template and the modules.
So his question is: after we finish our changes, can we revert the permissions to 644 without affecting the functionality of the sites? That’s crucial.</blockquote>
Hi Ana,
I understand, if you really had to do 644=>777.
However, what changes are you referring to when you stated: ” we have had to change server permissions from 644 to 777 in order to make alterations in the template and the modules. “?
I never did that with my Joomla installations, I use the default: 755 for directories and 644 for files from the beginning, as shown here:
/ public_html / jte15x400 / (Current Folder)
Create New Folder
Upload file(s)
Up one level
administrator 755
cache 755
components 755
images 755
includes 755
language 755
libraries 755
logs 755
media 755
modules 755
plugins 755
templates 755
tmp 755
xmlrpc 755
Create New File
.htaccess 2 k 0644
CHANGELOG.php 35 k 0644
COPYRIGHT.php 1 k 0644
CREDITS.php 12 k 0644
INSTALL.php 4 k 0644
LICENSE.php 17 k 0644
LICENSES.php 29 k 0644
configuration.php 2 k 0644
configuration.php-dist 3 k 0644
index.php 2 k 0644
index2.php 0 k 0644
robots.txt 0 k 0644Main
I made changes in my current Joomla 1.5.4-JA Teline II v.4 (an upgraded version of the Joomla1.5.3-JA Teline II v1.4) without having to change the above default to 777 to make changes.
What server do you use? And, why is there a need for 777?
Cornelio
anaivelisse
- Join date:
- May 2008
- Posts:
- 155
- Downloads:
- 0
- Uploads:
- 13
- Thanks:
- 27
- Thanked:
- 18 times in 1 posts
July 20, 2008 at 11:28 pm #260989Cornelio-
I had to change permissions in my plug ins, component and template folders, to mention a few… My default was 644 not 755
cgc0202
- Join date:
- August 2007
- Posts:
- 2244
- Downloads:
- 0
- Uploads:
- 3
- Thanks:
- 206
- Thanked:
- 262 times in 1 posts
July 20, 2008 at 11:36 pm #260991<em>@anaivelisse 68035 wrote:</em><blockquote>Cornelio-
I had to change permissions in my plug ins, component and template folders, to mention a few… My default was 644 not 755</blockquote>
Ana,
Have you tried 755 for directories, and 644 for files, as final permissions settings? I think these are the suggested default. And, so far, I have no problems accessing the files and folders.
I regularly change the configuration.php, css, index.php and they have always been 644. I do this via FTP.
But, all other changes, I do through the Joomla Administrator. All my initial configurations are as shown above.
Cornelio
mayke
- Join date:
- May 2008
- Posts:
- 281
- Downloads:
- 0
- Uploads:
- 1
- Thanks:
- 55
- Thanked:
- 13 times in 1 posts
July 21, 2008 at 2:15 am #261012<em>@anaivelisse 68031 wrote:</em><blockquote>Hi Cornelio-
I think Mayke’s question is very important, because we have had to change server permissions from 644 to 777 in order to make alterations in the template and the modules.
So his question is: after we finish our changes, can we revert the permissions to 644 without affecting the functionality of the sites? That’s crucial.</blockquote>
Thank you Anna,
You make everything more sharp and clear for what I am aiming for.
Is very important to find out the ‘basic’ permission setting for Telline & joomla.
Need learn a lot from you guys.mj1256 Friend
mj1256
- Join date:
- June 2007
- Posts:
- 1473
- Downloads:
- 10
- Uploads:
- 35
- Thanks:
- 84
- Thanked:
- 225 times in 118 posts
July 21, 2008 at 2:57 am #261016I have my own server and I run phpSuExec so nothing is ever given 777.
here is a joomla tutorial on phpSuExec
hostgator and many other hosting providers have this as standard install
it solves many security issues, especially the injection and running of malicious scripts
check it out
3 users say Thank You to mj1256 for this useful post
mayke
- Join date:
- May 2008
- Posts:
- 281
- Downloads:
- 0
- Uploads:
- 1
- Thanks:
- 55
- Thanked:
- 13 times in 1 posts
July 21, 2008 at 4:30 am #261048<em>@cgc0202 68037 wrote:</em><blockquote>Ana,
Have you tried 755 for directories, and 644 for files, as final permissions settings? I think these are the suggested default. And, so far, I have no problems accessing the files and folders.
I regularly change the configuration.php, css, index.php and they have always been 644. I do this via FTP.
But, all other changes, I do through the Joomla Administrator. All my initial configurations are as shown above.
Cornelio</blockquote>
Hi Cornelio,
Thank you for the great tutorial Cornelio!
The reason I am asking is after read the articles from Dart Creation: how to Securing your Joomla! Website, then trying using JOOMLA DIAGNOSTICS diagnostics.php and upload it to my server, the results is amazing, too many warning and too many changes that I don’t know where is coming from Teline or joomla or me. Have you try this?
Beside the Joomla it self forsure I need to find out on how to Securing your “Teline II Template”.
I loved Teline II V1.4 too bad.Thank you guys.
1 user says Thank You to mayke for this useful post
cgc0202
- Join date:
- August 2007
- Posts:
- 2244
- Downloads:
- 0
- Uploads:
- 3
- Thanks:
- 206
- Thanked:
- 262 times in 1 posts
July 21, 2008 at 4:53 am #261053<em>@mayke 68100 wrote:</em><blockquote>Hi Cornelio,
Thank you for the great tutorial Cornelio!
The reason I am asking is after read the articles from Dart Creation: how to Securing your Joomla! Website, then trying using JOOMLA DIAGNOSTICS diagnostics.php and upload it to my server, the results is amazing, too many warning and too many changes that I don’t know where is coming from Teline or joomla or me. Have you try this?
Beside the Joomla it self forsure I need to find out on how to Securing your “Teline II Template”.
I loved Teline II V1.4 too bad.Thank you guys.</blockquote>
Mayke,
I am afraid I am not as up to date with Joomla security yet. I understand there are quite a few security risks. Starting with the registration. One of our goals in the Collaborative Support Group is for us to help each other find the resources needed.
Because Joomla is strictly voluntary, they can only so much. For example there is already a white paper on how to improve the security of registration and login, since even before they even finished Joomla 1.5x, but those plans are on hold until Joomla 1.6.
Cornelio
1 user says Thank You to cgc0202 for this useful post
-
AuthorPosts
This topic contains 10 replies, has 4 voices, and was last updated by 
We moved to new unified forum. Please post all new support queries in our New Forum