file permissions / site hacked
Permalink
In the last week I have had my site hacked multiple times, each time I have found and removed the php file. The hacks are the viagra spam variety. Im going through the site now via sftp trying to figure out where they are gaining access. One thing that a I noticed is that a lot of the files in packages have permissions set at 777
Is this something I should be concerned about? I was always under the impression that giving write access to world was a bad idea, but this seems to be the default setting on most of the c5 files Ive found in packages. If I change them to 744 would that cause issues? In packages I have
core_commerce
core commerce import
grunge columns theme
iframe
premium google map
remo sql buddy
simple cast
slayer1551_facebook_gallery
wordpress for concrete 5
I keep all blocks updated and current, but I don't know if that is how someone is gaining access to my site. I haven't installed anything new recently, but the Hacks all started over the last week.
The site error that showed up when the hack happened was posted in the below thread.
http://www.concrete5.org/community/forums/usage/website-index-error...
Is this something I should be concerned about? I was always under the impression that giving write access to world was a bad idea, but this seems to be the default setting on most of the c5 files Ive found in packages. If I change them to 744 would that cause issues? In packages I have
core_commerce
core commerce import
grunge columns theme
iframe
premium google map
remo sql buddy
simple cast
slayer1551_facebook_gallery
wordpress for concrete 5
I keep all blocks updated and current, but I don't know if that is how someone is gaining access to my site. I haven't installed anything new recently, but the Hacks all started over the last week.
The site error that showed up when the hack happened was posted in the below thread.
http://www.concrete5.org/community/forums/usage/website-index-error...
http://www.concrete5.org/community/forums/customizing_c5/site-hack-...