File and folder permissions are a key part of your Joomla site's security. It's highly recommended that you have set them properly. They should never be 777, but ideal is 644 for files and 755 folders.

If the server your are on requires 777 permissions for Joomla to work correctly, then request to be put on another server with php as cgi and suphp and up-to-date server side software (apache, php etc) on your existing host or find another server host if necessary. Sooner is better.

Until you relocate your site to a proper hosting environment, you can protect directories that seemed to not need 777 permissions to run (as your images/media folder) with this code in a .htaccess file within the folder you want to protect.

# secure directory by disabling script execution
AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi
Options -ExecCGI

If you are on a properly configured server and you have permissions to access SSH (secure shell) via putty for example, you can chmod the files and directories. But if not, you can still have a very geeky thing (useful for lazy old bears like me) to keep these settings consistent and unchanged. If you do not have shell access, you can probably still run the commands via cron by setting up a cron job. Copy and paste the commands below into a cron job, and set the timing according your needs (once a day should be enough). When using the command by putty or a cron job, then be sure you use the full physical path to your WEBROOT (generally public_html).

For files use:

find /home/xxxxxx/domains/xxxxxxx.com/public_html -type f -exec chmod 644 {} \;

and for directories use:

find /home/xxxxxx/domains/xxxxxxx.com/public_html -type d -exec chmod 755 {} \;

To check for recent file changes within the last day on your system use these commands from putty (SSH - secure shell) or via a cron job. If you run the command from a cron job you can schedule it to check for changed files several times each day. Results will be sent to the domain account owner and show the time/date stamp for any changed files.

find /home/xxxxxx/domains/xxxxxxx.com/public_html -type f -ctime -1 -exec ls -ls {} \;

Please note your sites files may be located in public_html, httpdocs, www, or a similar place, and your physical path may also be different than in the examples. Adjust the physical path accordingly.

0
0
0
s2sdefault
Category: Secure Joomla