has some one been bashing and hacking again?

[Eidolon]

Often files have to be CHMOD'd to 0755 and not 0777 or their default setting (assuming the default isn't 0755).

[PC Bytes]

Hi guys

I'm having the same problem on:

http://www.thereviewsite.net

and

http://www.callcentre.net

They are both registered under http://www.pc-bytes.co.uk

I have a htaccess.txt but no .htaccess

Where do I put the suggested code? I would prefer this to be fixed rather than having to put code in that may cause vulnerabilities.

Many Thanks

Lee

[Eidolon]

It has to be ".htaccess" and NOT ".htaccess.txt"

One work around is to upload the .txt file and then using the FTP client rename the file to remove the '.txt' part of the file name.

[PC Bytes]

Quote:

Originally Posted by Eidolon

It has to be ".htaccess" and NOT ".htaccess.txt"

One work around is to upload the .txt file and then using the FTP client rename the file to remove the '.txt' part of the file name.

Thanks. What do I put in this htaccess file? And where does it go?

Will this make my website hosting more vulnerable and will there be a permanent fix?

Many Thanks

Lee

[PC Bytes]

Hi

I've created a file called .htaccess (not.htaccess.txt) with:

SecFilterEngine Off
SecFilterScanPOST Off

and nothing else and joomla now works

What are the dangers/risks of this?

[eUKhost.com]

Quote:

Originally Posted by PC Bytes

Hi

I've created a file called .htaccess (not.htaccess.txt) with:

SecFilterEngine Off
SecFilterScanPOST Off

and nothing else and joomla now works

What are the dangers/risks of this?

You may face injection attacks in future but we have weekly backups configured so we will restore that for you incase this happens. If you have database that gets daily updated then you may need to consider switching to some secure script in future as Joomla has never been completely secure in years of its development and n number of new versions they released.

[Eidolon]

I advice using it only in the directory required, in this case the folder joomla is installed in. Best not to add it into the root directory (ie. /public_html) and hopefully limit the potential area of damage.

[eUKhost.com]

that seems to be the best suggestion so far for this mod_security problem but some people have Joomla installed in public_html so they have to put this code in main .htaccess.

cheekysneeky must be pulling her hairs now as this thread has been stretched a lot

[PC Bytes]

Hi

i have Joomla in the main directory. Server side backups are ok but what has changed on the server to cause this? Cant it just be put back the way it was?

[Eidolon]

I'm guessing the short answer is: no.

The longer answer is that having it disabled is a potential security issue and that it's better to protect the majority of users by switching it 'on' in the server settings. Those affected by it can relatively simply disable it by via a htaccess file in the relevant folder.

I think that the recent change is the setting of "SecFilterEngine" to 'on' as the other for me atleast had already been on. Explained why I was having problems with the quick reply function of my forums which packed up, still all sorted now.

[gordo]

I cannot or not allowed to delete folders/ files via FTP programme where as I was before, keep getting error 550

[eUKhost.com]

Quote:

Originally Posted by gordo

I cannot or not allowed to delete folders/ files via FTP programme where as I was before, keep getting error 550

This is possible only if you have some files or folder written by Joomla or some other software. ownership of those files and folders is assigned to "nobody" user so you don't have permission to delete those. for such things you need to contact us as you wont be allowed to delete those files / folders by any other possible way.

[Eidolon]

From memory I *think* it's possible to re-CHMOD these files via the File Manager in CPanel.

[eUKhost.com]

you can CHMOD but to change ownership you need chown which users cannot do. only root user can use this command to chown ownerships of files and folders.

[Phlebas]

Quote:

Originally Posted by eukhost.com

This is possible only if you have some files or folder written by Joomla or some other software. ownership of those files and folders is assigned to "nobody" user so you don't have permission to delete those. for such things you need to contact us as you wont be allowed to delete those files / folders by any other possible way.

I'm also getting this problem of trying to delete files via FTP. I've just done a test and if I upload a file using FileZilla and immediately try to delete it also via FileZilla I get a 550 error. However I can delete the file via the cpanel File Manager without any problems.

I was definitely able to delete a file using FileZlla on Monday morning (before 9am).

[cheekysneeky]

well I have tried deleting some files that i accidently put there when I broke my first copy of joomla (i do that sometimes), I have folder called joomla with just two defunct templates in it that i want to get rid of because they take up room 'pinkzen and joom_design_purple'. I'd like to get rid of the whole folder, can someone one from eukhost do this for me because i hate sending those pestering emails (i like this smilie!)

[eUKhost.com]

We cannot authenticate file delete request from Forum. You will at least need to come on our livechat and request one of our staff members to delete folders you want but even they will ask you certain questions for account verification.

[DPS Computing]

As a recommendation what would be the choice after Joomla! for both security and features / useability?