CHMOD

New Member Joined: Feb 08, 2006 Posts: 14

Hi guys,
With all the probelms I've been having with NukeSentinel(tm) (Re:http://www.ravenphpscripts.com/postt9507.html)

I went looking for days trying to find an answer. As my host said that they DO allow .htaccess files.

Then I found this thread (http://www.ravenphpscripts.com/postt5560.html) and it works like a charm.

Still unable to use the "Admin Auth:" in Sentinel but i'm happy with the added security. (I hope its a good as protection than the "Admin Auth:")

However the question is now that this is all done should I CHMOD the .htaccess & .staccess to something else other than 777 as in the passed my .staccess has been hack. I feel that since this has happened before it will happen again. Can I rename it to something else? if so what other files should i change so as to not create a problem with the other files?

Thanks for all your help guys Especially Raven
Cheers

Coops

registered · Theme Guru Joined: Nov 01, 2003 Posts: 1006

they should be 666

Posted: Sat May 27, 2006 7:23 am

In de quickstart guide it says:

6 - If you are on a *nix server, chmod 777 .htaccess, .staccess, ultramode.txt

Which one should it be?

Posted: Sat May 27, 2006 7:27 am

everyone that I know only uses 666

Posted: Sat May 27, 2006 7:52 am

666 is fine - you can test that Sentienl can write to it by banning an IP.
If it fails to write then use 777

Posted: Sat May 27, 2006 10:01 pm

I set the CHOMD to 666 and my .staccess still got hacked last night.

How can they see it, if i cant even see it. When i go and type in [ Only registered users can see links on this board! Get registered or login! ] or .htaccess i cant even see it tells me im "forbidden" these mongrels are starting to s**t me. I've had 7 attempts in 4 days all through the .staccess and ultramode.txt files.

Can anyone help me with this please.

Cheers

Coops

Posted: Sun May 28, 2006 4:44 am

It is not possible to hack that file if the CHMOD is set to 666 UNLESS they have server access.
What other modules have you installed?
Please PM me a copy of your staccess file so I can see what they have done.

Posted: Sun May 28, 2006 5:40 am

Guardian2003 wrote:

Please PM me a copy of your staccess file so I can see what they have done.

I have sent you the details.

Thanks you so much for the help.

Cheers
Coops

Posted: Sun May 28, 2006 6:07 am

Let me know what happened with the advice I gave. I that worked for you I can use the advice for anyone else with a simliar issue.

Posted: Tue May 30, 2006 6:21 am

Hey Guardian,
Thanks for all ur helps, however there was no email addy. I will keep that in mind though for future use.

Ive ended up changing the name of the .staccess to another name and CHMODed it to 644 same with the ultramode.txt file as I dont use it.

Touch wood I haven't been hacked since Saturday. Not bad considering I was being attacked every night at once stage.

Thanks for all ur help everyone.

Cheers
Coops

Posted: Tue May 30, 2006 6:22 am

Not a problem, please do not hesitate to open another thread if problems persist.

Regular Joined: Jul 15, 2006 Posts: 64

So what's the safest course of action here? set them to 666? or will 644 work as well? I'd feel safer with them at 644.

Posted: Sun Jul 16, 2006 4:09 pm

644 is safer IF Sentinel can still write to the file.

Worker Joined: Nov 17, 2006 Posts: 222

if the stacceess is set to 644 can the CGI read the pw?
refer to htaccess if set to 644 the sentinel was unable to write.will the blocking be effective? or stop blocking the hacker?

Posted: Sun Nov 26, 2006 3:33 pm

.staccess needs only be 666 when you add a new admin and need to save that admin's NukeSentinel password. Once you have saved the passwords back into .staccess, you can change it back to 644. This is what I do.

.htaccess and .ftaccess must remain 666 (for most installations) if you want NukeSentinel to write to them (add IP blocks).