Files Uploaded Via Scripts & Joomla Have 600 Permissions

Jun 26, 2007

I've recently started experiencing some issues where files uploaded through Joomla or some other scripts (mostly PHP) inherit a permission of 600. Prior to updates being done on the server I'm hosted on, uploaded files received 644 permissions and all things worked great.

I've checked the umask that assigned to the shell (022) and have ruled out that as a problem.

View 7 Replies


ADVERTISEMENT

Filter Uploaded Files

Mar 5, 2008

I want to filter any files uploaded and i have put this line at php.ini
suhosin.upload.verification_script = /my path

But my problem till now i can not make this script. (Disable upload php files)

View 1 Replies View Related

Problem With Files Owned By 'nobody' When Uploaded

Aug 4, 2007

I used to have my apache 1.3.37 with PHP compiled as a CGI. Whenever i have a php script (say vbulletin forum software) that allow file uploads, files will be uploaded with the correct userid and groupid on the server. However, once i compiled PHP as ISAPI module, the files will be uploaded but will be owned by 'nobody'. Of course i can log in as root and chown it back to the right user, but it's a hassle if there are multiple user accounts on the server and they're using php software on their end. If someone is using an ftp program and tries to overwrite that uploaded file that's owned by nobody, it will not let them do so. Is there a way to fix this, or change the config files that would fix it?

View 3 Replies View Related

Plesk 12.x / Linux :: Folder Permissions / Joomla Installer - Could Not Copy Setup File

Mar 17, 2015

Ok, new to Plesk, trying to move from ispconfig. So I have Plesk 12 running on Centos 6 64bit in a VPS. I figured out how to upgrade PHP and now I have installed my first website. The website is joomla based but I am getting the below error when installing components:

Warning
Copy failed.

JInstaller: :Install: Failed to copy file /var/www/vhosts/virtual-sim-racing.com/httpdocs/home/tmp/install_55081e65af5fe/pkg_kunena.xml to /var/www/vhosts/virtual-sim-racing.com/httpdocs/home/administrator/manifests/packages/pkg_kunena.xml

Package Install: Could not copy setup file.

This suggest to me a permissions issue - but what to do with it. I have checked all of the relevant Joomla folder permissions and they are all showing as writeable, so it looks like something outside of that?

I don't want to have to stick with ispconfig much longer ...

View 7 Replies View Related

How To Find How And Who Uploaded Files- Spam - Action I Can Take

Mar 27, 2009

I have a dedicated server, the server itself is secure (as far as I know) and I run lots of my sites from it. I offered a friend hosting for his flash based chat application he built.

Today I was contacted by someone; "Are you the owner of xxxx.net?" so I informed that yes, it was my server and they then showed me an email they'd received from my server. I did a search and apparently someone uploaded mail.php and a couple of files it was using to send out spam based upon a variety of conditions that the other files met. The files contained forenames and surnames, it'd use a forename and a surname then send it to popular free mail services. The email contained ramblings about new world order and promoted a website.

How can I find out how they got the files uploaded to the account and what action can I take? I checked the whois for the domain and have their contact information, however it's a large site so I'm doubtful that the owner did it. I don't want my servers IPs being blacklisted for spam :|

View 3 Replies View Related

Stoping Malicious Files From Being Uploaded ( Cpanel)

Jun 27, 2009

I am wanting to know if there is a way to stop files being uploaded to my vps, via ftp cpanel etc that are malicious..

I have been told there is a way to do this but i havent been told how..

Basicaly i want to know if there is something where i can add a list of keywords that are in the malicious files and what ever it is will stop them from being uploaded or if they manage to get uploaded onto my vps will it make them not work?

I am looking into this as i had an issue before where someone uploaded a shell onto my server :@ luckily it didnt cause no damage or he didnt get anywhere but i still want to be safe.

View 5 Replies View Related

Limit The Size Of Uploaded Files Using VSFTPD

May 26, 2007

I have a RHEL 4 plain server, and im using vsftpd server, i can not find an option to specify the max size for uploading files... does anybody know something about this?

View 1 Replies View Related

Plesk 11.x / Linux :: Can't See Files Which Are Uploaded With Script

Mar 1, 2014

I am using a upload script for my files. After upload i cant see them on ftp but can see on panel file manager.

View 9 Replies View Related

Apache :: Created FTP Account With Vsftp And Files Uploaded Are Not Readable

Jan 17, 2014

I created a FTP account with vsftp and files uploaded are not readable via www-data

View 1 Replies View Related

Copy Files/dir Without Permissions

Apr 17, 2007

I am trying to copy files from one account to another through SSH, files copy with old account permissions and ownership.

Is this possible when I copy, ownership autometically changed to new account.

I am using CPanel and have root access.

View 2 Replies View Related

How To Change Php Files Permissions In Directory And Subdirectory At Once

Nov 9, 2007

How to Change php files permissions in directory and subdirectory at once ?

I want to change the permissions of php permissions to be 644 in /home/user/public_html/forum and all forum subdirectory using SSH.

View 2 Replies View Related

Plesk 11.x / Windows :: How To Change Permissions For Multiple Files At Once

Sep 9, 2013

How can I change permissions of a lot of files through plesk file manager without selecting one by one?

View 2 Replies View Related

How NOT To Require CHMOD 755 Permissions To Create, Write And Delete Files On Linux

Dec 30, 2008

On my previous server and on some other hosts, I was able to write to files (for example with PHP) without having to chmod the files first.

Now I cannot, and files are required to be chmoded properly so I can write to them.

I cannot even touch() a file with PHP.

Is there any way to have this permissions removed?

I don't want to chmod the all thing, all I want is to change the configurations so I can fwrite() or file_put_contents() normally.

I's a dedicated un-managed server, so basically any advanced configurations can be done.

View 8 Replies View Related

Plesk 11.x / Linux :: Python Permissions To Write Files In Another Web Space On Same Server

May 15, 2014

I have a python script that generates images and is able to write them into a directory on the same web space

However, I would like the same script to write files into another directory located in the web space of another domain on the same server.

For example, script lives here...
/var/www/vhosts/domain1.com/httpdocs/scripts/myscript.py

this works...
/var/www/vhosts/domain1.com/httpdocs/scripts/images/

this fails...
/var/www/vhosts/domain2.com/httpdocs/web/images/

The directory structure already exists, so there is no need to create any new directories

I have tried setting permissions for the destination "images" directory to 777 and that didn't work.

Do I need to specify something within Plesk to enable it to write to another directory?

View 6 Replies View Related

FTP - Uploaded File Not Overwriting

Jan 5, 2008

Does anybody understand what is going on here?

Here is the problem:

I log in to FTP and I try and upload an updated file (the file already exists on server). It prompts me to overwrite and I say yes but when I refresh/check the site the page hasnt changed - I then tried uploading the file again and it still says the existing file size (so I know it hasnt been replace).

Any idea why it it not overwriting?

The files are CHOWNed my the owner (FTP user) which is myself.

View 11 Replies View Related

Uploaded File Size 0 KB

Feb 2, 2008

I uploaded my file to web server(html, image file and css file), but strangely after uploaded it to server all file that I uploaded size 0 KB. I uploaded it using WS FTP.

Is there something wrong the way I uploaded it.

View 2 Replies View Related

Someones Uploaded A Phishing Site

Jul 31, 2007

Someones managed to upload a phishing site to my VPS.

How do they normally achieve this, there has been no unauthorised root access as I get e-mail each time someone log in as root.

Is it likely they've just managed to guess my ftp password, or is it going to have something to do with a script running elsewhere?

I've got solarvps looking at it now.

View 14 Replies View Related

Shell Uploaded - Site Hacked - How To Trace ?

Nov 6, 2008

Shell uploaded - Site hacked - How to trace?

Many of my customers let me know that their websites had been hacked. I think it comes from local hacker ....

View 7 Replies View Related

How Many Websites Can Be Uploaded To One Single Webspace Account

Oct 20, 2008

How many websites can be uploaded to one single webspace account

View 9 Replies View Related

[newmailcgi] Recently Uploaded CGI Scripts On CPanel Server

Dec 11, 2007

Whenever someone uploads or re-uploads to my server a file relating to a CGI script that sends mail, I get an email with something like:

Quote:

Note: If this is the first time you received this mail, it contains the history for the entire month so far.

Below are the recently upload scripts that contain code to send email. You may wish to inspect them to ensure they are not sending out SPAM.

/home/xxxxxxx/public_html/followup/send2.php:106: if($sc == "buchanan") {
/home/xxxxxxx/public_html/followup/send2.php:107: mail($email, $subject, $creative, $headers);
/home/xxxxxxx/public_html/followup/send2.php:108: }
---
/home/xxxxxxx/public_html/followup/send.php:100: if($sc == "buchanan") {
/home/xxxxxxx/public_html/followup/send.php:101: mail($email, $subject, $creative, $headers);
/home/xxxxxxx/public_html/followup/send.php:102: }
---

What steps can I take to actually inspect them to ensure they are not sending out SPAM?

View 2 Replies View Related

Best Host For Joomla

Jan 30, 2009

I am currently on a host that is offering unlimited bandwidth, however they are not that great as the site keeps going slow.

View 18 Replies View Related

Webhost -use Joomla

May 10, 2009

I am in charge of making a website for a charter school. Where I stand right now is I am going to use Joomla, and I assume Fantastico. Now where I am still stuck is with a webhost. Every time I locate one that sounds good (editor's picks, and such), I read the feedback comments and find tons of complaints. Can someone recommend one please. Under $10; user friendly; accepts Paypal would be very helpful. I went to get Bluehost, as an example, from some reviews I read, and then I read the feedback section. I don't think I understand the terms enough to make a choice on my own,

View 14 Replies View Related

Joomla + VPS Performance

Dec 9, 2008

I currently have a VPS in the UK that I host my clients joomla sites off and the specs of this VPS server are as below:

- 20 GB SA-SCSI Disk Space
- 350GB bandwidth
- Full root access / Parallels/WHM/cPanel
- 2 Dedicated IPs
- 384 MB SLM RA

I am now running around 10 joomla based sites off of this VPS, 5-6 of which are Ecommerce based sites. Whilst I am probably only using 10gb of the overall disk-space so far, in terms of performance, should I continue to add clients to this server or should I keep the more hungry sites on this server and move some of the less resource intensive non-ecommerce sites to another VPS? Or would it be in my best interest to upgrade to a Dedicated server where I will have all my own resources?

View 6 Replies View Related

Joomla VPS Host

May 20, 2008

I have a joomla site running on a new unmanaged VPS at FutureHosting.biz and it is performing very poorly.

I am not a server admin but i copy the same CMS and database to a shared account i have access to and the site runs much faster. That shared account happens to be a SiteGround server which if possible, i would like to stay away from.

I have had bad experience with SG so i am contemplating, MidPhase, as an option for VPS support.

I was also considering LunarPages and HostGator but their recent datacenter problems and poor reviews i want to stay away from them as well.

I really want to find a quality host who has experience managing large joomla based sites.

View 13 Replies View Related

How Secure Is Joomla

May 7, 2008

Is it good security wise?

View 11 Replies View Related

Joomla With Linux

Jun 1, 2008

I have installed joomla and now i m installing some extension but when i install extension i m getting error ------------>

JFolder::create: Path not in open_basedir paths
Unable to create destination

View 1 Replies View Related

Hosting For Joomla

Jun 15, 2008

I am going to start a new personal / business website which will feature articles along with pictures and few videos, all managed through Joomla. I recently visited the official Joomla forum and found a thread which posted guidelines on choosing a proper Joomla hosting.

forum.joomla.org/viewtopic.php?t=95678

3. The most security conscious hosts turn PHP's Register Globals directive OFF by default. The next best allow you to turn it off in local .htaccess or php.ini files. A host that requires you to run a site with Register Globals ON should be avoided. This is true for any PHP enabled site, whether or not you are running Joomla!. There is a legitimate argument to be made by hosts for keeping Register Globals ON for PHP4 sites. This is that it would break too much legacy code. This argument should not be accepted for a PHP5 installation. Beginning with PHP5, the official PHP recommendation was to keep Register Globals is OFF. Note that beginning with PHP6, there will not even be a Register Globals setting, so don't get caught in a Register Globals backwater. Modify your code to work without Register Globals, and choose a host that encourages such practices.

6. Be sure users on your shared server can't view each other's files and databases, for example through shell accounts and cpanels.

7. Choose a host that provides real information about security compromises, rather than simply shutting your site down. Check their user forums for evidence of how they've responded to cracks in the past. A good host may for example, inform you immediately that a security breach has occurred and will quarantine the problem file for you, while leaving it there for further investigation. A poor host will shut your site down and provide very limited information on why. Watch out! All too many do this.

8. Be sure you have access to raw server logs. Reading these logs is a vital part of site security and recovery.

9. Choose a host that limits the number of users per machine and the average CPU load per machine to some reasonable number (depending on hardware). Be sure they proactively move user sites as needed to balance load. Check the number of domains on a server using reverse IP lookup.

10. Choose a host that manages it's own data center. Check the data center infrastructure, such as redundant Internet access, hot swappable backups, full daily backups, environment and access controls, emergency generators, etc.

11. Check that your host is not at risk of having its IP addresses blocked because it hosts porn or SMAM sites.

What alarmed me was #3, #6-#11

My Question is, how the hell am I supposed to check for these flaws? I thought I was going to settle down with Hostgator or Hostmonster, but now I am not sure.

If Hostmonster or Hostgator do not meet these requirement, can someone be kind enough to suggest some?

I don't expect that much of traffic, so I want to keep the budget minimal: below $8. I know that by limiting this budget, I am limiting the quality of hosting, but I am not ready to commit my resource to my first site: just an experimentation of my limits.

View 10 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved