cancel
Showing results for 
Search instead for 
Did you mean: 

Hacked again?????

N/A

Hacked again?????

Ok, not impressed.
I have found that a large number of my html files have changes again:

http://cgi.eaglecentre.force9.co.uk/blog/



These weren't done by me. So, please can force9 give me some more security? I have to run my files as 705 and need to be owned by the wwwuser, but can we not restrict what domains are run by wwwuser? Perhaps we can have more than one wwwuser?

This is mildly annoying, but I can automatically rebuild everything from scratch.


It is also interesting to see the modified times in relation to the system clock on the server which I assume is synchronised to avoid security issues.

eaglecentre@cgi05 blog $ ls -lrt
total 298
-rw-r--r-- 1 wwwuser wwwuser 91 Aug 27 12:31 nav-commenters.gif
-rw-rw-rw- 1 wwwuser wwwuser 1542 Sep 2 21:50 htaccess
-rw----rw- 1 wwwuser wwwuser 8141 Dec 31 20:03 contact.php
-rw----rw- 1 wwwuser wwwuser 542 Jan 1 12:40 index.rsd
-rw----rw- 1 wwwuser wwwuser 542 Jan 1 14:12 rsd.xml
drwxrwxrwx 2 eaglecentre cgishell 48 Jan 1 16:38 templates_c
-rw----rw- 1 wwwuser wwwuser 4029 Jan 1 22:03 styles-site.css
-rw----rw- 1 wwwuser wwwuser 11865 Feb 12 21:59 last.php
-rw-r--r-- 1 wwwuser wwwuser 64 Feb 14 06:47 test.html
drwx---rwx 3 eaglecentre cgishell 30544 Feb 14 21:13 archives
-rw----rw- 1 wwwuser wwwuser 16693 Feb 14 21:13 atom.xml
-rw----rw- 1 wwwuser wwwuser 16566 Feb 14 21:13 index.php
-rw----rw- 1 wwwuser wwwuser 47030 Feb 14 21:13 archives.html
-rw----rw- 1 wwwuser wwwuser 14358 Feb 14 21:13 pda.php
-rw----rw- 1 wwwuser wwwuser 97330 Feb 14 21:13 gallery.htm
-rw----rw- 1 wwwuser wwwuser 8599 Feb 14 21:13 index.rdf
-rw----rw- 1 wwwuser wwwuser 951 Feb 14 21:13 syndicate.js
-rw----rw- 1 wwwuser wwwuser 6614 Feb 14 21:13 index.xml
eaglecentre@cgi05 blog $ uptime
9:12PM up 50 days, 12:29, 10 users, load averages: 0.11, 0.08, 0.08
[/img]

I can't avoid the issue of wwwuser owning the files currently, but even if I did, wwwuser needs to have write access. This means that as a result anyone can write to the files.... what do people recommend since the whole idea of my program is to allow automatic content regeneration (via scripts)