test
  • cgc0202 Friend
    #133972

    I just had my first taste of a site being hacked, the first time after almost a decade of having my own sites. The curious thing was that it happened on an obscure domain and only one site there seemed to be vulnerable. What was definite was that it was from a Joomla 1.5.x where the default registration-login was used because I did not implement the usual “CB Registration/Login” — the latter is not yet stable with Joomla 1.5.x.

    Anyway, I got the “suggestions” below from my hosting service.


    First Question: PHP files permissions

    Does Joomla 1.5.x (Joomlart) work if, after the installation, all the file permissions have been changed to 600, as suggested?

    Also, based on the Joomla 1.5.7 update, it looks like the configuration.php has been changed to 444.

    Any other security measures that would be recommended?

    Thanks.

    Cornelio

    Suggestions from hosting service:

    It is quite possible that your account was compromised. Most account compromises are initiated by using a remote command inclusion vulnerability within an existing web application. This issue was likely the result of poor or lacking security on the part of one or more user accounts, including shared or weak passwords, insecure permissions on important configuration files (allowing full read access globally), and other factors. Please be sure that the following steps are taken to assist in preventing further intrusions:

    – Perform a complete audit of your account and applications. Ensure that all content available was made available only by yourself and that any information, including application login credentials, that doesn’t match up is removed.

    – Any PHP scripts should be chmod 600 at the very least. Any PHP scripts that contain important information, such as MySQL database connection information, should be chmod 400. By default these files are likely permissioned to 644, which will allow global read access to the file by any user on the system.

    – Any applications that are connecting to a MySQL database should be doing so with their own individual MySQL database login credentials. Never should a set of credentials be recycled or used elsewhere. You should also avoid using your system username and password as an authorization point for these applications.

    – Passwords should be 16+ characters in length and contain a mixed case of letters and numbers and should be modified on a regular basis (twice monthly at the very least). A password should never be used for more than one service or provider, ever!

    – Any 3rd party or custom PHP, Perl and other web applications should be kept up to date at all times. Subscribe to the software vendor’s security or update notifications mailing list. If an application is no longer required or in use, remove it completely. Disabling the application is not always a surefire means of disallowing intrusion attempts.

    If you have trouble keeping track of your passwords, you may want to look into using a solution such as the following, which I personally find to be quite useful in both generating passwords and securely saving these details: http://keepass.sourceforge.net/

    wooohanetworks Friend
    #274310

    The ridiculous aspect of the Joomla permissions is that the Joomla manual says that when the Joomla installation is stable and working one shall set all permissions from 755 to 644 (???). After that, when you do not have your own dedicated server and full control over it, the access to the Joomla site will be completely denied: “access denied, you do not have permission…code 403”.

    There is a tool called Joomla Defender that shall avoid PHP and other injections from outside, costs only around $20 and is made by another business extensions club. I have that, for example.
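The permission advice in the hosting service's note (600 for PHP scripts, 400 for configuration.php, versus the 644/444 defaults the first post mentions) and the 403 the second post describes can both be checked on a real tree. The following is an added POSIX shell example written for this thread, not code from either poster, Joomla or Joomlart; the file layout it builds under a temp directory is constructed for the demo.

```shell
#!/bin/sh
# Added example for this thread, not code from either post or from Joomla/Joomlart.
# Audits a Joomla-style tree for what the hosting note flags (PHP files readable by
# "others", configuration.php left at 444/644) and applies the 600/400 advice.
# The directory layout and file names below are constructed for the demo.

# Count regular *.php files under $1 whose mode includes o+r (octal 004).
count_world_readable_php() {
    find "$1" -type f -name '*.php' -perm -004 | wc -l | tr -d ' '
}

# Print the octal mode of $1/configuration.php (GNU stat first, BSD stat fallback).
config_mode() {
    f="$1/configuration.php"
    [ -f "$f" ] || return 1
    stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f"
}

# Apply the hosting service's advice: 600 for scripts, 400 for the config file.
harden_tree() {
    find "$1" -type f -name '*.php' -exec chmod 600 {} +
    if [ -f "$1/configuration.php" ]; then
        chmod 400 "$1/configuration.php"
    fi
}

# Build a throwaway tree in a temp dir that mimics a freshly installed site:
# scripts at 644 and configuration.php at 444, as the first post describes.
make_demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/components/com_user"
    printf '<?php // constructed placeholder\n' > "$d/index.php"
    printf '<?php // constructed placeholder\n' > "$d/components/com_user/user.php"
    printf '<?php // constructed placeholder\n' > "$d/configuration.php"
    chmod 644 "$d/index.php" "$d/components/com_user/user.php"
    chmod 444 "$d/configuration.php"
    printf '%s\n' "$d"
}

# Stand-alone run (sh audit.sh --demo): show before/after counts, then clean up.
if [ "${1:-}" = "--demo" ]; then
    site=$(make_demo_tree)
    echo "world-readable PHP files before: $(count_world_readable_php "$site")"
    harden_tree "$site"
    echo "world-readable PHP files after:  $(count_world_readable_php "$site")"
    echo "configuration.php mode:          $(config_mode "$site")"
    rm -rf "$site"
fi
```

Whether 600/400 still lets the site serve pages depends on whether PHP runs as your own user (suPHP/FastCGI style) or as the web-server user; the 403 described in the second post is what the latter case looks like, so check which one your host uses before hardening a live tree.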


This topic contains 2 replies, has 2 voices, and was last updated by  wooohanetworks 16 years, 1 month ago.
