Script to find wp-config.php and change its permissions: good or useless??

system1351

Hi,

We all know that WP and Joomla get hacked every day.

I made a script that finds wp-config.php and changes its permissions from 777 to 600 or 644 to prevent hacks, BUT...

when I set wp-config.php to 777 and try to access it by URL, for example http://domain.com/wp-config.php (file with 777), I can't view or do anything with that file.


MY QUESTION IS:
if in that case I can't do anything with that file, WHY is it a security risk to have wp-config.php set to 777??


:)

thanks
 

brianoz

The reason you couldn't do anything with it is that it was mode 600 or mode 777. Mode 600 protects against the hack, mode 777 is stopped by the system as it is also insecure.

When you access a PHP file via the normal means, as you did, it checks the file permissions and if it is mode 777 suphp will prevent it running and give you an error.

Normally this file is never accessed directly. The issue you are protecting yourself from with this change works another way and you would not be able to simulate it or test it directly. (If you want to test it, you could try renaming your file to fred.txt and visit it in the browser. If protected it should fail)
 

HSN-Saman

Actually, it depends on the PHP handler on the server. Normally 777 means world-readable/writable, and others may read that file easily in DSO mode. The same goes for other PHP handlers, so it would be better to keep it at 600; even 644 is fine when the server is hardened. If you are on SuPHP and have set open_basedir to "/home/$usr/:/tmp:/others", there are no worries and files are protected... open_basedir is not the only way, so you need to do other security tweaks such as symlink protection too.

P.S.: to set the open_basedir value to /home/$usr/ you need custom templates and a custom script, as $usr varies per cPanel user :)
 

brianoz

> MY QUESTION IS:
> if in that case I can't do anything with that file, WHY is it a security risk to have wp-config.php set to 777??

Sorry, just realized I missed answering your main question!

When a file is 777 there are two core issues:
  • anyone on the server could read the file
  • anyone on the server could CHANGE the file
If the file is mode 777, suphp can detect the file is writable (777) and prevent it running as a security problem.

Your problem here is not the mode 777 as such, it's the mode 644 that allows the file contents to be read, and if it's a wp-config.php file, the username/password get stolen.

Also, somehow, you've incorrectly picked up that the discussion on the internets at the moment is saying mode 777 is bad. It is actually saying mode 644 is bad. (Mode 777 is bad, but everyone knows that)

If you set the file to 600 that stops other users on the server (or other users who have been exploited somehow) from stealing passwords.

I've written a bit more on this at: Apache symlink security issue fix/patch - whmscripts
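
The permission audit discussed in this thread, as an added example (not any poster's script): it lists every wp-config.php that grants group or other permission bits and, with --apply, sets it to 600. It assumes GNU find/stat and a handler such as suPHP where PHP runs as the file owner; the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: audit and tighten wp-config.php modes under a home root.
# Assumption: PHP runs as the file owner (suPHP-style), so mode 600
# remains readable by the site itself. Requires GNU find and stat.

# list_loose_wp_configs ROOT
# Print every regular file named wp-config.php that grants any
# group/other permission bit (covers 777, 666, 644, 640, ...).
list_loose_wp_configs() {
    # -type f skips symlinks, so a link that merely happens to be
    # named wp-config.php is never followed or chmod'ed.
    find "$1" -type f -name wp-config.php -perm /077 -print 2>/dev/null
}

# tighten_wp_configs ROOT [--apply]
# Dry run by default: report what would change. With --apply, chmod
# each loose file to 600. Returns 0 only if nothing loose remains.
tighten_wp_configs() {
    root=$1
    apply=${2:-}
    list_loose_wp_configs "$root" | while IFS= read -r f; do
        mode=$(stat -c '%a' "$f")
        if [ "$apply" = "--apply" ]; then
            chmod 600 "$f" && echo "fixed $mode -> 600 $f"
        else
            echo "loose $mode $f"
        fi
    done
    # Re-scan so the exit status reflects the state on disk.
    [ -z "$(list_loose_wp_configs "$root")" ]
}

# Typical use (hypothetical root path):
#   tighten_wp_configs /home            # report only
#   tighten_wp_configs /home --apply    # fix
```

The dry run is worth reading before applying: a 777 file shows up the same way as a 644 one, since both leave the credentials readable by other accounts.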
 

nibb

> Actually, it depends on the PHP handler on the server. Normally 777 means world-readable/writable, and others may read that file easily in DSO mode. The same goes for other PHP handlers, so it would be better to keep it at 600; even 644 is fine when the server is hardened. If you are on SuPHP and have set open_basedir to "/home/$usr/:/tmp:/others", there are no worries and files are protected... open_basedir is not the only way, so you need to do other security tweaks such as symlink protection too.
>
> P.S.: to set the open_basedir value to /home/$usr/ you need custom templates and a custom script, as $usr varies per cPanel user :)

What symlink protection exactly? There is no symlink protection available at all. Nothing stops someone from reading files on the server, and with such database credentials or files that store some kind of logins, this includes basically any web app using MySQL.