vb.org Archive - With all the hacking going on - can someone tell me what file permissions

vb.org Archive (https://vborg.vbsupport.ru/index.php)

- vB4 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=251)

- - With all the hacking going on - can someone tell me what file permissions (https://vborg.vbsupport.ru/showthread.php?t=302173)

pityocamptes

09-11-2013 06:56 PM

With all the hacking going on - can someone tell me what file permissions

for all the content for vbulletin should be set to? Cascading permissions, etc? Thanks.

ForceHSS

09-11-2013 07:01 PM

File permissions dont matter they can still hack no matter what you put them to. You need to make your forum ftp etc etc more secure but i dont think anyone has found out how they are hacking remember a really good hacker can get into anything u put into place

pityocamptes

09-11-2013 07:02 PM

Ok, so removing the install directory (which I did) after installation is all that is required? Thx

Zachery

09-11-2013 07:25 PM

Directories are normally 755, and files are normally 644. This might vary host to host though.

Assuming no one got in before you removed it, you should be safe.

Same stuff I post everywhere else:

Please read the following two blog posts:
http://www.vbulletin.com/forum/blogs...ve-been-hacked
http://www.vbulletin.com/forum/blogs...vbulletin-site
Also please see these recent security announcements:
vBulletin 4.1.x-4.2.x & All versions of vBulletin 5: http://www.vbulletin.com/forum/forum...-1-vbulletin-5
vBulletin 5.0.x patch released, for a different security issue: http://www.vbulletin.com/forum/forum...d-all-versions

pityocamptes

09-11-2013 07:27 PM

Ok, thanks. Just want to be sure. Sisn't know if removing the install directory was the only thing to do, or if file/folder permissions needed to be changed as well. I know phpbb had you change some file permissions after install, wasn't sure if vbulletin was similar...

xenite

09-12-2013 11:36 PM

Quote:

Originally Posted by ForceHSS (Post 2444976)

If you're referring to the Syrian Electronic Army hacks, all they are doing is executing scripts in the INSTALL directories.

Deleting those directories prevents further hacks through that exploit.

ForceHSS

09-13-2013 12:32 AM

Quote:

Originally Posted by xenite (Post 2445231)

If you're referring to the Syrian Electronic Army hacks, all they are doing is executing scripts in the INSTALL directories.

Deleting those directories prevents further hacks through that exploit.

Yes but no matter what security you put a good hacker will still get passed them. Even if it only what this hacker has done

All times are GMT. The time now is 10:35 PM.

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.00986 seconds Memory Usage 1,731KB Queries Executed 10 (?)
More Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (2)bbcode_quote_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)post_thanks_navbar_search (1)printthread (7)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages: