Sécurité des fichiers surun serveur

Séé of the files on a server (Was Re: Séé des fichiers sur un serveur)

Chris wrote:[color=blue]
> Bonjour,[/color]
<snip>

In future, please use English, this is internation newsgroup. Free
translation with Google (for others):

Hello,

Several files PHP of an open program source of meter of visits have
been just made hacker on my waiter (lodging mutualized in a supplier of
access). The hacker deposited a code obviously making it possible to
pass a script in argument while signing its passage (rory). I wanted
to know which was the best way of making safe these files. As it is a
Unix waiter, I already corrected the authorizations of writing which
were defective (Write all on the principal file!). But, is this
sufficient? What can I make of other? In advance thank you for your
assistance.

--
<?php echo 'Just another PHP saint'; ?>
Email: rrjanbiah-at-Y!com Blog: http://rajeshanbiah.blogspot.com/

Re : Sécurité des fichierssur un serveur / files security on server




Le 30.8.2005 16:25, « Chris » <cmlrk7@hotmail .com> a écrit :
[color=blue]
> Bonjour,
>
> Plusieurs fichiers PHP d'un programme open source de compteur de visites
> viennent de se faire hacker sur mon serveur (hébergement mutualisé chez un
> fournisseur d'accès). Le hacker a déposé un code permettant visiblement de
> passer un script en argument tout en signant son passage (rory). Je voulais
> savoir quel était la meilleure façon de sécuriser ces fichiers. Comme c'est un
> serveur Unix, j'ai déjà corrigé les autorisations d'écriture qui étaient
> déficientes (un write all sur le dossier principal !). Mais, est-ce suffisant
> ? Que puis-je faire d'autre ?
>
> D'avance merci de votre aide.
>
> Christophe[/color]

Sorry, I am upset and I didn't see I sent my post to an english speaking PHP
newsgroup. I translate my message.

Some files from an open source software (log analyzer) I use have been
hacked on my server (commercial shared hosting). It is an Unix server and I
failed to set the proper permissions (I set chmod 777 on the main folder).
Now, I set the correct permission, but I wonder if I can do something else
to secure it.

Thanks for your help,

Christophe

Re: Séé of the files on a server (Was Re: Séé des fichiers sur un serveur)

I think it's funny that Google translated "serveur" (as in a web
server, file server, whatever) into "waiter".

Re: Re : Sécurité des fichiers sur un serveur / files security on server

Chris wrote:
[color=blue]
> Some files from an open source software (log analyzer) I use have been
> hacked on my server (commercial shared hosting). It is an Unix server and I
> failed to set the proper permissions (I set chmod 777 on the main folder).
> Now, I set the correct permission, but I wonder if I can do something else
> to secure it.[/color]

AW Stats perhaps? Upgrade and be sure to stay current and follow the
directions. Also, make sure that you protect the directory with a
password (Apache's Basic Auth should be enough) so people can't run the
script without the correct credentials.

--
Justin Koivisto, ZCE - justin@koivi.co m

Re : Re : Sécurité desfichiers sur un serveur / files security on server




Le 30.8.2005 20:39, dans 6KCdnZFkn8JoOon eRVn-vw@onvoy.com, « Justin
Koivisto » <justin@koivi.c om> a écrit :
[color=blue]
> AW Stats perhaps? Upgrade and be sure to stay current and follow the
> directions. Also, make sure that you protect the directory with a
> password (Apache's Basic Auth should be enough) so people can't run the
> script without the correct credentials.[/color]


Thanks for the tip.

Christophe