germ Posted May 3, 2009 Posted May 3, 2009 Programs that run under UNIX on a web server that are considered a "virus" are not always going to be detected by an antivirus running under Windowz on a local PC. The Windowz AV is going to catch some things, but it's a far cry from being a "bullet-proof" detection method for locating malicious entities that can invade your store IMHO. <_< If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
godfly Posted May 29, 2009 Posted May 29, 2009 Set the permissions on ALL folders to 755. Set the permissions on all files to 644, with two exceptions. There are two configure.php files. One is located in /catalog/includes/ the other is in /catalog/admin/includes/. The permissions on these two files should be 400, 444, or 644 dependent on your server configuration. Use the lowest setting that will still allow your store to function and that your host's setup allows you to set. Hi. Thanks for this. I'm just building my website and I'm still in the process of modifying the looks and functionality mostly by adding contributions. By default, all my folders are set to 755 and most of the files have the same permission. So in my case, I can leave the folder permissions as is but I have to set EACH of my files to 644? Is that right? And if I am to do just that, how will it affect my site since I'm still adding more contributions/addons and my products are not even loaded yet?
lzrczrs Posted June 30, 2009 Posted June 30, 2009 In your what do if you get hacked first step you do recover files, but what about DB??? You forgot that. :blush: If you get hacked I'd say, you should download your whole site and db as a backup every day if it's possible (a cronjob and PHP-FTP can do the job), then, if you get hacked you should -download- your site again but to another location: C:\server\www\originalsite C:\server\www\hackedsite then use a software like WinMerge to verify files have not been altered, if they were altered or corrupted you can just reset the lines that were affected by hacking and save time and effort setting up a whole site again. Most of the times hackers just want to prove their point and change your /index.php file.
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.