Posted on: 04/08/05 11:46am
By: Anonymous (MVK)
I have a Geeklog site which I host myself on a Linux (Gentoo) Apache webserver box.
Throughout the initial Geeklog installation process and other related Geeklog installs (i.e. plugins etc.) I remember using CHMOD to give access (read and write) to anyone/everyone (CHMOD 777, I think??). This was kind of due to my laziness and lack of patience in just wanting to get it working ASAP.
I am now concerned that this means sections of my site are very much open to anyone, and if I put the site live then I am practically begging to be hacked.
Is there any advice anyone can give?
Is there any such tool which will check all permissions to help give me a head start in securing my website/Geeklog site and its files?
Thanks in advance to anyone who can help.
MVK
to CHMOD or not to CHMOD.
Posted on: 04/08/05 12:36pm
By: knuff
Why not start in defensive mode?
Presuming your webserver user ID is part of the yoursite group.
Presuming youruser is not root.
chown -R youruser:yoursite /path/to/public_html
find /path/to/public_html -type d -exec chmod 775 {} +
find /path/to/public_html -type f -exec chmod 664 {} +
presuming httpd is your webserver daemon user
chown -R httpd logs/
chown -R httpd data/
chown -R httpd public_html/backend/
chown -R httpd public_html/images/articles
chown -R httpd public_html/images/userphotos
chmod -R 775 logs/
chmod -R 775 data/
chmod -R 775 public_html/backend/
chmod -R 775 public_html/images/articles
chmod -R 775 public_html/images/userphotos
Should be OK I guess for a basic GL installation; of course, if any plugins like the filemanagement need additional rights you should add them.
But I guess this is the fastest way to a simple lockdown of your site.
Best Regards,
Boris
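A permission audit for the question asked in this thread, as an added example that is not part of either post: it lists world-writable entries (what a leftover chmod 777 produces), regular files carrying an execute bit, and directories that have lost their search bit. The function names are hypothetical and the site path is passed in as an argument.

```shell
#!/bin/sh
# Added example: audit a web tree for leftover "chmod 777" style permissions.
# Function names are hypothetical; the tree to check is given as an argument.

# Everything any local user can write to (the "other" write bit is set).
# Symlinks are skipped because their own mode bits are not meaningful.
world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Regular files with any execute bit; PHP scripts, images and logs that
# Apache reads do not need one.
executable_files() {
    find "$1" -type f \( -perm -0100 -o -perm -0010 -o -perm -0001 \) -print
}

# Directories whose owner lacks the search (x) bit, which is what a recursive
# "chmod -R 664" leaves behind. -prune stops find descending into them.
unsearchable_dirs() {
    find "$1" -type d ! -perm -0100 -print -prune
}

# Print one section per check that found something; return 1 if any did.
audit_perms() {
    root=$1
    rc=0
    for check in world_writable executable_files unsearchable_dirs; do
        hits=$($check "$root")
        if [ -n "$hits" ]; then
            printf '== %s ==\n%s\n' "$check" "$hits"
            rc=1
        fi
    done
    return $rc
}

# Usage: sh audit.sh /path/to/site
if [ "$#" -gt 0 ]; then
    audit_perms "$1"
fi
```

Directories the webserver must write to (logs, data, backend, the image upload folders) will show up only if they are writable by everyone rather than by the webserver user or group.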
Posted on: 04/08/05 02:15pm
By: Anonymous (MVK)
Thank you for the speedy reply. I feel that little bit more comfortable now.
MVK