Website HACKED - help!


AlexK - 11:58 am on Dec 13, 2009 (gmt 0)


Hi uhwebs, welcome to WebmasterWorld.

Are your pages pure HTML or PHP?

Let's try to tackle this permission issue for you. Yes, there is a technical issue to get to grips with but--if you want to run a website--you NEED to get to grips with it.

There are two things to look at:

  1. Directory permissions
  2. File permissions

The basic issue is to allow the web-server software to read, but NOT write, into any public-visible directory.

I'm going to assume here that your software is `Apache', with a user-name of `apache-user' and a group-name of `apache-group'. It does not matter what the actual software is, nor what the names are, but you do need to know what they are.

This is the sort of thing that you want to see:

ls -al 
drwxr-xr-- 7 root apache-group 4096 Dec 13 00:17 .
drwxr-xr-x 22 root root 4096 Dec 9 17:34 ..
-rwxr--r-- 1 root apache-group 36336 Dec 12 13:17 good_file.html
-rwxr--r-- 1 root apache-group 36336 Dec 12 13:17 good_file.php
-rwxrw-r-- 1 root apache-group 36336 Dec 12 13:17 bad_file.php
-rwxrwxr-- 1 root apache-group 36336 Dec 12 13:17 even_worse_file.php

This looks complex, but is easy when you break it down.

The first 10 characters are the permissions:

  • 1st char: type of file (`d' = directory)
  • Next 3 chars: owner permissions (here is `root')
  • Next 3 chars: group permissions (here is `apache-group')
  • Next 3 chars: everyone permissions (notice it is `read-only')

These are the permission types:

  • `r' = read-permission (value = 4)
  • `w' = write-permission (value = 2)
  • `x' = execute-permission (value = 1)

Thus:
`r--' = 4
`r-x' = 5
`rw-' = 6
`rwx' = 7

The most important one is the value of the `.' (dot) file, which is the permissions of the directory that you are looking at, followed next by the permissions of the files themselves.

A 0750 permission for the dot-file is fine, ***as long as the `apache-user' does not own the directory***. The files--whether HTML or PHP--can have 0640 permissions, giving read-only permission for the Webserver software. In that situation, your site can NOT be hacked.

You can get some info by putting the following into a file & uploading it, then loading it (remove after):

<?php
phpinfo();
?>

(as an example, your webserver software is usually reported under `_SERVER["SERVER_SOFTWARE"]').

I *never* changed the permissions

If your permissions were correct in the first instance, then your server itself has been hacked.
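
An audit of the kind the post describes, as an added example that is not part of the original thread: the shell function below walks a web root and lists every file or directory the web-server account could write to. The function name `audit_webroot` and its output labels are hypothetical, and `apache-user` / `apache-group` are the post's placeholder names, to be replaced with the real ones.

```shell
#!/bin/sh
# Added example (not from the thread): list the entries under a web root
# that break the "web server may read, but NOT write" rule.
#
# Usage: audit_webroot DIR WEB_USER WEB_GROUP
#   WEB_USER / WEB_GROUP are the name or numeric id of the web-server
#   account, e.g. (example path, placeholder names):
#     audit_webroot /var/www/html apache-user apache-group
# Output: one line per finding, "<REASON> <path>". No output means clean.
audit_webroot() {
    aw_dir=$1
    aw_user=$2
    aw_group=$3

    # Owned by the web-server user: the owner can always chmod the entry
    # back to writable, so the mode bits alone give no protection.
    find "$aw_dir" \( -type f -o -type d \) -user "$aw_user" -print |
        sed 's/^/OWNED_BY_WEB_USER /'

    # Group is the web-server group and the group write bit is set
    # (bad_file.php and even_worse_file.php in the listing above).
    find "$aw_dir" \( -type f -o -type d \) -group "$aw_group" -perm -020 -print |
        sed 's/^/GROUP_WRITABLE /'

    # Writable by everyone, which includes the web-server user.
    # Symlinks are skipped by the -type tests; their mode bits are not used.
    find "$aw_dir" \( -type f -o -type d \) -perm -002 -print |
        sed 's/^/WORLD_WRITABLE /'
}
```

Run it as a user that can read the whole tree; entries that `find` cannot descend into are reported on stderr and are not audited.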


Thread source:: http://www.webmasterworld.com/webmaster/4042154.htm