    • 6192
    • 20 Posts
    By chance, we found out some bounced emails were actually not executed from our own PHP scripts. Since the assets/images folder has permission 777, someone injected their spam email PHP to send out email from our server.

    Need help on how to rectify this situation; what happens if I change all assets folders to 744?

    Our hosting provider suggests changing the PHP handler to suPHP or FCGI, but will our Evo MODX 1.0 still run?

    Need some suggestions to prevent more scripts from being uploaded to MODX folders. Thanks.
    • Switching to suphp or FCGI won't have any effect whatsoever on MODx. It is an excellent idea.
        Studying MODX in the desert - http://sottwell.com
        Tips and Tricks from the MODX Forums and Slack Channels - http://modxcookbook.com
        Join the Slack Community - http://modx.org
        • 6192
        • 20 Posts
        Thanks Susan, how about the permission setting: is 740 too restrictive for all the folders under assets?
          • 30023
          • 172 Posts
          Seems like an odd situation. The only way a PHP script could have been put into your webspace is by:

          1. (Possibly) someone with an account (*) on the same server - and even then I'd query why on a shared host there wasn't a bit more security in place to prevent this.

          (*) (or access to an account - hopefully your own FTP/SSH password is secure)

          2. A security flaw in your own site's code. Do you have any functionality allowing frontend users to upload images or other files?

          Now 1 seems rather pointless other than to perhaps ensure that any logged bandwidth due to the emails goes on your own account. The emails would come from the same IP as their own account.

          So I'd suspect 2 - but even then, unless you have a very obvious security flaw it seems a lot of hassle to go to just for the sake of having their emails originate from a non-blacklisted IP.

          That aside, you should probably read up on Linux/Unix file permissions. For directories you need one of 700, 770 or 777. Choose the first one that still allows your site to work (check manager and frontend). If your host is now using suPHP, FCGI, or anything else that offers the ability to run PHP with your own account's permissions, choose 700.

          -- Tim.
          • Many hosts that use suphp or FastCGI require 755 for folders and 644 for files. Anything else can cause a 500 error.
              Studying MODX in the desert - http://sottwell.com
              Tips and Tricks from the MODX Forums and Slack Channels - http://modxcookbook.com
              Join the Slack Community - http://modx.org
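The audit and clean-up the thread describes, as an added example that is not code from the forum posts: list world-writable directories and stray PHP files under an assets tree, then apply the 755/644 layout suPHP and FastCGI hosts expect. The assets path and the temporary tree in the demo are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Audits an assets tree (the real path
# is an assumption; pass the site's own assets folder) and normalises
# permissions to 755 for directories and 644 for files.

# Print every directory under $1 that is writable by "other" (e.g. 777).
find_world_writable_dirs() {
    find "$1" -type d -perm -0002
}

# Print every PHP-like file under $1. An images/uploads tree should contain
# none, so anything listed is worth inspecting before it is removed.
find_php_files() {
    find "$1" -type f \( -name '*.php' -o -name '*.phtml' -o -name '*.php[0-9]' \)
}

# Apply 755 to directories and 644 to regular files under $1.
harden_permissions() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Self-contained demonstration on a constructed temporary tree that mimics
# the situation in the thread: a 777 images folder holding a PHP file.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/assets/images"
    chmod 777 "$tmp/assets/images"
    printf '<?php echo "constructed sample"; ?>\n' > "$tmp/assets/images/x.php"
    printf 'not really a png\n' > "$tmp/assets/images/logo.png"
    echo "World-writable directories:"; find_world_writable_dirs "$tmp/assets"
    echo "PHP files under assets:";     find_php_files "$tmp/assets"
    harden_permissions "$tmp/assets"
    echo "After hardening, world-writable directories:"
    find_world_writable_dirs "$tmp/assets"
    rm -rf "$tmp"
}

if [ "${1:-}" = "--demo" ]; then
    demo
fi
```

Run with `--demo` to see the constructed tree audited; on a real site review the listed PHP files by hand and delete only what does not belong to MODX.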