osCommerce and osCMax shopping cart software forums

Shopping Cart Software

osCommerce with teeth!

 
 

777 permission files and folders hacked

This is a discussion on 777 permission files and folders hacked within the osCMax v2 Installation issues forums, part of the osCMax v2.0 Forums category; Dear all We have several osCMax sites all with the current security patches etc however there seems to be a ...


Go Back   osCommerce and osCMax shopping cart software forums > osCMax v2.0 Forums > osCMax v2 Installation issues

777 permission files and folders hacked 777 permission files and folders hacked

Register FAQ Members List Calendar Mark Forums Read


Free community membership! Fast easy FREE membership
Closed Thread

 

LinkBack Thread Tools
  #1  
Old 01-11-2006, 08:08 PM
New Member
  
Join Date: Dec 2004
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Rep Power: 0
trap
Default 777 permission files and folders hacked
Dear all

We have several osCMax sites all with the current security patches etc however there seems to be a problem with hackers exploiting any file or folder with 777 permission.

They then place 3 files via a script which you can usually tell by the timestamp however they are not always named the same: eg guest.php. include.php and always .htaccess can be found in images folder (because of the 777 permission) The script then searches through 777 files and injects some code so that when your site loads it calls the other files it has placed on server. You may or may not even notice your site has been hacked until you physically look at the files.

It does this in EVERY world writeable directory and file it can find on the site eg mainfile.php ,/tmp folder, /cache folder /temp folder. All of these files are required to run OsCmax correctly as I understand.

My Question is this. Will these files / folder or osCMax in general work correctly if the 777 permission is changed to 755 permission allowing image uploads and EP etc to work correctly.

Look forward to your response.

Kind Regards
Trap
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Sponsored Links
Advertisement
  #2  
Old 01-17-2006, 06:18 AM
deviantla's Avatar
New Member
  
Join Date: Jan 2006
Posts: 28
Thanks: 0
Thanked 1 Time in 1 Post
Rep Power: 0
deviantla
Default RE: 777 permission files and folders hacked
After install I changed all my permissions back (folders to 755 & files to 644). Everything works fine for me.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Sponsored Links
Advertisement
Closed Thread

« Installation not working | https:// Admin redirects to http:// »
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

Similar Threads

Thread Thread Starter Forum Replies Last Post
changing permission on files jschafer52 osCommerce 2.2 Discussion 1 09-26-2005 09:13 PM
Call for Mods : Have you hacked in a mod to your shop? michael_s osCMax v1.7 General Mods Discussion 14 06-02-2005 10:08 PM
Quantity Tracking Pro - anyone hacked this into MS2 MAX ? malcol27 osCMax v1.7 General Mods Discussion 0 02-20-2005 07:10 AM
What folders to secure? PrettyWolfie osCommerce 2.2 Modification Help 4 08-01-2004 02:51 AM
Images folders starview osCommerce 2.2 Modification Help 2 07-28-2004 11:11 AM


All times are GMT -8. The time now is 12:13 PM.

osCMax Home - Site Map - Top

Powered by vBulletin®
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
SEO by vBSEO
http://www.oscmax.com/forums/
Copyright 2008 osCMax