Securing A writable directory {Gallery2}

Status
Not open for further replies.

jerxs
I just had one of the sites I was developing hacked and at first I was pointing the finger at MPMU, though I am using 3 different scripts to power the site. One of the scripts is Gallery2 which I now believe was the soft spot which the hacker found and used to his advantage.

In order for the script to function properly, permissions on the main directory have to be set to 777. I don't know a whole hell of a lot about server security, but I do know this is usually not good, allowing permissions on all levels to write.

So my question is, can a directory that has its permissions set to 777 be made secure from attacks? Is there some other setting or counterbalance that would make the writable directory secure while still being writable? If not, I can't see how a script like this has survived and is so popular if it is so vulnerable.
 


Wow, that's a lot of shit to go through to get gallery2 secure. Why didn't they just code it to where photos are posted to a 777 directory only that has no php in it. Everything else could then be 644 as usual and the problem is solved!!?!
 
LOL, one of my crappy galleries got hacked and then it got submitted to all these websites that show off defaced sites and turned into a PR5 from all the exposure. I thought that was pretty funny... so at least some good came out of it.
 
Hmmm, good tip to generate extra links. Start with a very old version of whatever software (phpbb, gallery) let it be hacked and get in all those galleries and acquire those links. Then after a few weeks make a real site out of it. Haha, thanks for the tip elusid :)

(But make sure that all they can do is change the homepage, you don't want them to have access to SSH/email/etc, so you would have to check the exploit details (there are sites that list these))
 
You're welcome... I was actually working on a blog post about my experience with this. It could be a good way to get links. I've had two scripts hacked by the same guy and only got PR on one of the pages, so it doesn't seem to work all the time...
 
Sorry, didn't mean to abandon this post....

I've gone through all the security documentation and got tripped up on one thing in particular:

If your PHP Server API is Apache and open_basedir is empty (no value), then talk to your webhost, this is a large security risk. There's no way to secure your Gallery 2

So open_basedir is set to no value on my server "shared server" and my host has advised me that there is not a damn thing they can do about it.

So my question is this: if my config.php or any other file that I am concerned about under the site's root directory is set to, say, 400, there should be no way anyone but myself could do anything but read the contents of the file. So how could the above quote possibly be true if in fact the file that I am most concerned about is set to 400?

I know shit about open_basedir or many of the other PHP settings....
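
A defensive check for the two conditions raised in this thread, a world-writable (777) directory that also holds PHP scripts and a config.php readable beyond its owner and group, as an added example that is not part of the original posts or of Gallery2. The function name `audit_webroot` and the finding labels are made up for this example, and it assumes a `find` that supports `-maxdepth` (GNU and BSD both do).

```shell
#!/bin/sh
# Added example: audit a web root for the permission problems discussed in
# this thread. The three finding labels are made up for this example.
#   WW_DIR     <dir>   directory writable by every account (e.g. mode 777)
#   PHP_IN_WW  <file>  PHP script sitting directly inside such a directory
#   OTHER_READ <file>  config.php readable by accounts other than owner/group

audit_webroot() {
    root=$1

    # -perm -0002 matches any mode with the "other write" bit set (777, 757, ...).
    find "$root" -type d -perm -0002 | sort | while IFS= read -r dir; do
        printf 'WW_DIR %s\n' "$dir"
        # Scripts here can be replaced or added by anyone who can write to the
        # directory; an upload directory should hold data files only.
        find "$dir" -maxdepth 1 -type f -name '*.php' | sort |
        while IFS= read -r file; do
            printf 'PHP_IN_WW %s\n' "$file"
        done
    done

    # -perm -0004 matches any mode with the "other read" bit set (644, 604, ...).
    find "$root" -type f -name 'config.php' -perm -0004 | sort |
    while IFS= read -r file; do
        printf 'OTHER_READ %s\n' "$file"
    done
}

# Run against a directory when one is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_webroot "$1"
fi
```

An empty result means none of the three conditions was found under the given directory; it says nothing about PHP settings such as open_basedir, which are set by the host.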
 