Mass Web Defacements - ATTENTION PLEASE!

[Elik]

Greetings,

We help what we can, but majority of the issues are due to the old code and insecure programming, which they have to resolve and fix themselves, but we do remove the stuff though.

[GhostRider2110]

exdiogene,

Nothing prevents you from sharing your cleaning code with the rest of the community here in the forums and them choosing to use it.

And I think we have beaten this to death. I have requested a new category be created for Security and Amir has agreed. This is for anyone to report or discuss security issues they find or hear about.

I have enjoyed the discussion here and that is what prompted me to ask for the security category. Hope this helps in the future to get the message out along with the new customer communication tools Amir announced the other day....

See-ya

[drachma]

All,
New security thread is now available.

http://forum.micfo.com/forumdisplay.php?f=62

This thread has been moved.

[RonG]

OK, so for those in the middle of the road (when it comes to knowledge) - is making sure all my files/directories are setup as 755 the best thing to do to protect from hacking?

In the root directory, the 'www' symlink is 777 and pointed to 'public_html', which is 755. Is this a problem?

Thanks,

RonG

[GhostRider2110]

RonG,

No the symlink "honors" the perms of the object (file or directory) it is linked to.

See-ya

[RonG]

Thanks for the info on the symlink, but what about setting the perms for the other stuff - is that the right way to protect my stuff?

[drachma]

Yessir, 755 would be great.
Checkout this great resource:
joomlatutorials.com/faq/view/joomla_security_tips/permissions_under_phpsuexec/60.html