Re: Re: hacked!!

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




------------ Original Message ------------
> Date: Monday, October 06, 2014 22:07:25 +0200
> From: Christoph Becker <cmbecker69@xxxxxx>
> To: php-general@xxxxxxxxxxxxx
> Subject: Re:  Re: hacked!!
>
> Richard wrote:
> 
>> ------------ Original Message ------------
>>> Date: Saturday, October 04, 2014 13:50:30 -0400
>>> From: Jim Giner <jim.giner@xxxxxxxxxxxxxxxxxx>
>>> To: php-general@xxxxxxxxxxxxx
>>> Subject: Re:  Re: hacked!!
>>> 
>>> On 10/4/2014 1:35 PM, Christoph Becker wrote:
>>>> 
>>>> As Richard has repeatedly said, this all depends on who owns the
>>>> files/folders.  See
>>>> <http://en.wikipedia.org/wiki/File_system_permissions>.
>>>> 
>>> And as I have repeatedly said - I do not know these things.  It
>>> is a hosted server and the admins there set this all up.  I
>>> simply use it - apparently a little weaker than it s/b.
>> 
>> You should contact the server admins and find out the answers.
> 
> It is not strictly necessary to contact the hosting provider to
> get this information.  Besides using
> posix_getpwuid(posix_geteuid()) (which may be available or not),
> the following technique should work everywhere:
> 
> * upload a dummy file via FTP and check the owner (the FTP client
> should list this information)
> 
> * create a dummy file with PHP and check the owner
> 
> -- 
> Christoph M. Becker


Actually, the output of the phpinfo() function should show the user
and group that the server is running as. If the "user" is the same
as the login id that is being used to place files on the site, then
fully securing the site against hacking is tricky. If it's only the
"group" (or neither), then careful permissions control should have a
positive effect.

    - Richard



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php





[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux