Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.5.x
Author Message
raviwikey
New Member
New Member


Joined: Jan 29, 2006
Posts: 3

PostPosted: Fri Oct 13, 2006 9:36 pm Reply with quote

Hi,
I`m running Sentinal 2.5.02 on phpnuke 7.8.
My question is why sentinal asks to CHMOD as 666?
By doing so, it allows the public to view & write on my .*taccess files.

Code:
http://www.domainame.com/.staccess


shows CGIAuth IDs with encrypted passwords.


Do I supposed to change the chmoded permissions?
What affect would it make on my site?
 
View user's profile Send private message
gregexp
The Mouse Is Extension Of Arm


Joined: Feb 21, 2006
Posts: 1497
Location: In front of a screen....HELP! lol

PostPosted: Fri Oct 13, 2006 10:07 pm Reply with quote

Have you made the edits to the .htaccess of your site that Sentinel had said to do?
.htaccess should be stoping that from working at all.

_________________
For those who stand shall NEVER fall and those who fall shall RISE once more!! 
View user's profile Send private message Send e-mail Visit poster's website AIM Address Yahoo Messenger MSN Messenger ICQ Number
evaders99
Former Moderator in Good Standing


Joined: Apr 30, 2004
Posts: 3221

PostPosted: Fri Oct 13, 2006 11:22 pm Reply with quote

On certain setups, the Apache user is not run on the same group or user as the FTP user. So it may need public writable permissions for Sentinel to change the file.

Note: this does not mean that everyone world-wide can access and change your file. It just means other users on your webhost could possibly change them.

_________________
- Only registered users can see links on this board! Get registered or login! -

Need help? Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
raviwikey
PostPosted: Sat Oct 14, 2006 3:02 am Reply with quote

darklord wrote:
Have you made the edits to the .htaccess of your site that Sentinel had said to do?
.htaccess should be stoping that from working at all.


Yes, I have edited it as sentinal asked, and CGI Authorizationn works fine as expected. But whenever a hacker tried to access .staccess, he may easily collect my IDs & encrypted passwords. (Even if passwords are encrypted, why do we let him to view so). As you said .htaccess stops viewing it self, but not on .stacess.

PS: Reacently hacking attacks to the site has been increased. So I have to take all possible steps to avoid them.


Arrow If I chmod .staccess to 600 & .htaccess to 644, would it make any affects on site?
 
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9456
Location: Arizona

PostPosted: Sat Oct 14, 2006 8:34 am Reply with quote

raviwikey, you have misunderstood. The lines in .htaccess that the NukeSentinel instructions have you add are denying access to .staccess from the web server point of view.

If you are like most, your .staccess file changes very rarely. So, setting it like you are suggesting is fine. Just remember that you have done this come time when you wish to regenerate it because you have added a new admin or a password has changed. Wink

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
raviwikey
PostPosted: Sat Oct 14, 2006 6:27 pm Reply with quote

Thanks for the good advice. I checked chmoding in that way & up to now it works fine.
Due to 600, now it stops from server level. And I understand that, I have return back to the previous status to make changes.

Thanks a lot
 
montego
PostPosted: Tue Oct 17, 2006 7:39 am Reply with quote

RavensScripts
 
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.5.x

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©