Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: must it be 777?  (Read 5508 times)

0 Members and 1 Guest are viewing this topic.

tumnus

  • Coppermine newbie
  • Offline Offline
  • Posts: 12
    • http://www.thedarkbasement.com
must it be 777?
« on: January 03, 2005, 08:00:37 pm »

Hiya. I've just gone through the arduous and boring task of re-uploading and re-filling a client's coppermine gallery. I admin it, and he does the uploads.
Last week though, all the folders in his gallery with 777 permissions have been utterly cleared out.
My ISP is getting back to me with the server logs, but is there any means by which i can avoid this is future?
must it be 777?

and anyway, i presume the average http user wouldn't know how to do this, right?
Logged
Be kind, man. Don't be mankind.

kegobeer

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 4637
  • Beer - it does a body good!
    • The Kazebeer Family Website
Re: must it be 777?
« Reply #1 on: January 03, 2005, 09:05:08 pm »

There's a good post on simplemachines.org about permissions, and I believe GauGau has posted the link to it in one of his recent posts.  This sounds like an "inside job", and in that case permissions wouldn't really matter.  If your ISP didn't upgrade to 4.3.10 and fell victim to the latest worm, permissions also won't stop that.  However, depending on server setup, 755 works just fine.
Logged
Do not send me a private message unless I ask for one.  Make your post public so everyone can benefit.

There are no stupid questions
But there are a LOT of inquisitive idiots

tumnus

  • Coppermine newbie
  • Offline Offline
  • Posts: 12
    • http://www.thedarkbasement.com
Re: must it be 777?
« Reply #2 on: January 03, 2005, 09:15:52 pm »

hmmm.... it's curious, as other little scripty bits on the server (outside of the cpg folder) which are 777'd seem fine.
It's all a bit daft, really... the gallery was only started and it's owner & i are the only users. he's not even an admin.
the whole albums dir was empty, with not even user folders inside too. It even happened to his private cpg elsewhwere on the server which nobody ever goes to. sounding wormy still?
we'll see what goes on when they dig me up the logs. in the meantime i'll 755 things and we'll see how it goes.

station

btw, how would i check if my isp does have 4.3.10? telnet?
« Last Edit: January 03, 2005, 09:23:08 pm by tumnus »
Logged
Be kind, man. Don't be mankind.

Tranz

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: 00
  • Offline Offline
  • Gender: Female
  • Posts: 6149
Re: must it be 777?
« Reply #3 on: January 03, 2005, 09:22:00 pm »

In coppermine Admin Tools, there is a link to phpinfo.
Logged

tumnus

  • Coppermine newbie
  • Offline Offline
  • Posts: 12
    • http://www.thedarkbasement.com
Re: must it be 777?
« Reply #4 on: January 03, 2005, 09:27:32 pm »

what, am i looking at the bit that says
system: Linux server10.****.com 2.4.20-27.7smp #1 SMP Thu Dec 11 14:50:55 EST 2003 i686

...or another field?
Logged
Be kind, man. Don't be mankind.

Tranz

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: 00
  • Offline Offline
  • Gender: Female
  • Posts: 6149
Re: must it be 777?
« Reply #5 on: January 03, 2005, 09:30:00 pm »

It's the part right above that says PHP Version.
Logged

tumnus

  • Coppermine newbie
  • Offline Offline
  • Posts: 12
    • http://www.thedarkbasement.com
Re: must it be 777?
« Reply #6 on: January 03, 2005, 09:35:56 pm »

it does have 4.3.10. but is the date in the previous string the date it was updated?
this gallery downing may have happened earlier than that...
Logged
Be kind, man. Don't be mankind.

Tranz

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: 00
  • Offline Offline
  • Gender: Female
  • Posts: 6149
Re: must it be 777?
« Reply #7 on: January 03, 2005, 09:40:35 pm »

I have host accounts on 2 servers and the Build Date corresponds with the dates the webhost said they updated PHP on the server.
Logged

Nibbler

  • Guest
Re: must it be 777?
« Reply #8 on: January 03, 2005, 09:47:02 pm »

The date is when the linux kernel being used was compiled, and is 2003, so long before the losses occured I would have thought.
Logged

Tranz

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: 00
  • Offline Offline
  • Gender: Female
  • Posts: 6149
Re: must it be 777?
« Reply #9 on: January 03, 2005, 10:05:05 pm »

Just to clarify, the Build Date is in the row below the line mentioned above.
Logged

tumnus

  • Coppermine newbie
  • Offline Offline
  • Posts: 12
    • http://www.thedarkbasement.com
Re: must it be 777?
« Reply #10 on: January 03, 2005, 10:17:43 pm »

oh, 2003, but of course. thanks....

i'll have to see what the logs dredge up
Logged
Be kind, man. Don't be mankind.
Pages: [1]   Go Up
 

Page created in 0.017 seconds with 19 queries.