Posts awaiting Reply
Un bleme (djaafar) Jscribe, good news (mathias) A $20 Security Fix for Ewriting (Miss Kagura) Guide: Properties in Modules (Miss Kagura) sh404sef problem (Kai)

Forum Statistics
Total user: 578 Total message: 2167

Latest posts related to

eWriting

Missus

Others

Thanks to
5410605 Visitors!!!

Want to support the growth of these projects?
Donate to the cause!

245Corp.com

245Corp.com

Joomla

The Joomla Shop

I invite you to post here any question, bug report or feature request you would like to add in next releases.
If you need some help about Forum tags, take a look at the Boardcode FAQ.
Before posting check up if your enquiry is not already included.
Please, stick and respect the few Forum Rules.

eWriting & Other Stuff - Forum

home

post reply

threaded view

rules

help


Security Problem - ewriting destroys site 2008/04/15 08:53

mathias

Newly Born Kitty

Posts: 15

Look at this:

http://secunia.com/advisories/29292

The administrator has disabled public write access.


Re:Security Problem - ewriting destroys site 2008/04/21 03:09

Sue

Moderator

Posts: 222

Yes Matthias, that's already been reported. And indeed, my whole site was hacked & subsequently deleted due to this vulnerability. It's a bit of a disaster really.

The administrator has disabled public write access.


Re:Security Problem - ewriting destroys site 2008/04/21 09:55

massimiliano

Newly Born Kitty

Posts: 16

I'm working about this issue.

Anyway, I always suggest to protect by Htaccess the files: index.php, index2.php and index3.php of /administrator/ directory.

Be careful when protecting your administrator directory with htaccess,
there are some Joomla components that require access to the
administrator directory when users are using the frontend system.

A good way is to create a .htaccess file like that:

AuthName "Restricted Area"
AuthType Basic
AuthUserFile /choose-a-directory/.htpasswd
AuthGroupFile /dev/null
<Files index.php>
require valid-user
</Files>
<Files index2.php>
require valid-user
</Files>
<Files index3.php>
require valid-user
</Files>
<Files logout.php>
require valid-user
</Files>

In AuthUserFile choose directory where .htpasswd file is located.

After done that, you need to login as administrator using full URL:
www.your-site.com/administrator/ index.php

Tutorial: http://www.htaccesstools.com/

The administrator has disabled public write access.


Re:Security Problem - ewriting destroys site 2008/04/24 12:13

Daniela

Domestic Kitty

Posts: 26

Dear Massimiliano, thanks again for your hint. I'll attempt that one not only because of ewriting but for the whole Joomla security.

The administrator has disabled public write access.


Re:Security Problem - ewriting destroys site 2008/04/24 12:17

massimiliano

Newly Born Kitty

Posts: 16

Version 1.2.1 should be safe, they told me.
One more thing you can do is keeping the configuration files permissions of Joomla and the other components at 444.

The administrator has disabled public write access.

Forum List eWriting 1.2.x Bugs Reports

Joomlaboard Forum Component 1.1.4 Stable
Two Shoes M-Factory

All components and modules in this site are registered in Joomla! Developer and are protected under the GNU General Public License.
Development and support are just available until Mambo 4.5.3, these components will no longer be developed for Mambo future versions.