Has file permissions on your server ever change mysteriously? - GoFuckYourself.com

bean-aid · 01-24-2012, 11:19 PM

Today, I went to check an htpasswd file that CCBill writes to on new sales. It needs to communicate with that file to generate the new user as well as update so user has access.

The file is supposed to be set at 666 and was done so on 12-24-11 by me because new members not being able to sign up, those that could somehow signup could not log in because that file was not written to.

Today, I checked the file again and it was back to 644.

This is not the first time i've noticed this anomaly. It has happened on other sites as well with this same exact file.

Has anyone had this happen to this file? Any ideas?

BSleazy · 01-24-2012, 11:21 PM

Whatever cms/script is probably doing that.

WarChild · 01-24-2012, 11:21 PM

Any chance the file was restored from backup? Is the sever totally unmanaged?

GFED · 01-24-2012, 11:23 PM

i've only had this problem with shared hosting from some places because they won't allow 666 or 777 permissions on files and require them to be 644 or 755. are you on a shared host?

Slappin Fish · 01-24-2012, 11:23 PM

my host changed files permissions once before without warming

porno jew · 01-24-2012, 11:25 PM

bean-aid · 01-24-2012, 11:30 PM

Quote:

Originally Posted by BCyber

Whatever cms/script is probably doing that.

It happened to me before on a different site, different server. I can't see how it is a script of mine... sites were totally different and totally different setup.

The only reason I check that file is from past experience with this same issue. When I see no sales for a period of time, which varies from the norm, I check that file.

It is an unmanaged server, nothing was restored.

BSleazy · 01-24-2012, 11:40 PM

Quote:

Originally Posted by beaner

It happened to me before on a different site, different server. I can't see how it is a script of mine... sites were totally different and totally different setup.

The only reason I check that file is from past experience with this same issue. When I see no sales for a period of time, which varies from the norm, I check that file.

It is an unmanaged server, nothing was restored.

If no scripts, cms's, backends (whatever you wanna call them) are the same then change all your passwords for everything and get a managed server. You might of been hacked. Shouldn't risk a money site on something unmanaged if you don't have a network admin that can deal with that shit.

bean-aid · 01-24-2012, 11:52 PM

Quote:

Originally Posted by BCyber

If no scripts, cms's, backends (whatever you wanna call them) are the same then change all your passwords for everything and get a managed server. You might of been hacked. Shouldn't risk a money site on something unmanaged if you don't have a network admin that can deal with that shit.

We will look into that... It's not managed by a host but certainly managed by a programmer who knows servers.

I posted to see if anyone else has had the same issue... I've seen it before on different site, different server, same file. Something triggers the change... it may be a hack but I am not leaning that direction. Will know more when it gets checked out.

bean-aid · 01-25-2012, 02:51 PM

Quote:

Originally Posted by BCyber

If no scripts, cms's, backends (whatever you wanna call them) are the same then change all your passwords for everything and get a managed server. You might of been hacked. Shouldn't risk a money site on something unmanaged if you don't have a network admin that can deal with that shit.

Do you think rsync 1 server to another server might set 666 file back to 644? I am in the middle of switching servers

and it seems to have happened exactly at the start of the server transfer.

18teens · 01-25-2012, 03:45 PM

Quote:

Originally Posted by beaner

Do you think rsync 1 server to another server might set 666 file back to 644?

Yes, I've had it happen.

V_RocKs · 01-25-2012, 05:11 PM

check rsync setting for permissions switch

raymor · 01-25-2012, 05:18 PM

Do you have a secondary processor? One particular processor will hose your .htpasswd and .htaccess files with their default script.

Before fixing it next time, look at the ctime, or inide change time. That will tell you exactly when the change was probably made.

Also that can happen when you edit a file. Say you download it, change it, delete the old, then upload the new. The new file will have default permissions, 644. You should instead overwrite the old file without deleting it.

bean-aid · 01-27-2012, 12:21 AM

So it def. was the site transfer. Every time a transfer is initiated that file goes back to 644.

CCbill says that it must be set to 666 but when I asked my programmer he said it shouldn't matter. Obviously it does matter.

Anyone with programming experience with CCBill htpasswd file experience care to comment? My programmer just doesn't understand why a htpasswd file set at 644 can't be written to by CCBill but that, I have proven, to be a fact.

Operator · 01-27-2012, 12:56 AM

It doesn't sound malicious

BSleazy · 01-27-2012, 01:07 AM

jesus...

CyberHustler · 01-27-2012, 01:39 AM

Dreamweaver has done that to me a few times... Tried changing permissions of one file and it ends up changing permissions of an entire directory instead somewhere else on my server.

01-24-2012, 11:19 PM	#1
bean-aid So Fucking Banned Industry Role: Join Date: Jun 2011 Location: the land of woke sleuths Posts: 16,493	Has file permissions on your server ever change mysteriously? Today, I went to check an htpasswd file that CCBill writes to on new sales. It needs to communicate with that file to generate the new user as well as update so user has access. The file is supposed to be set at 666 and was done so on 12-24-11 by me because new members not being able to sign up, those that could somehow signup could not log in because that file was not written to. Today, I checked the file again and it was back to 644. This is not the first time i've noticed this anomaly. It has happened on other sites as well with this same exact file. Has anyone had this happen to this file? Any ideas?

01-24-2012, 11:21 PM	#2
BSleazy Confirmed User Industry Role: Join Date: Aug 2002 Location: USA Posts: 6,721	Whatever cms/script is probably doing that. __________________ icq 156131086

01-24-2012, 11:21 PM	#3
WarChild Let slip the dogs of war. Industry Role: Join Date: Jan 2003 Location: Bermuda Posts: 17,263	Any chance the file was restored from backup? Is the sever totally unmanaged? __________________ .

01-24-2012, 11:23 PM	#4
GFED Confirmed User Industry Role: Join Date: May 2002 Posts: 8,098	i've only had this problem with shared hosting from some places because they won't allow 666 or 777 permissions on files and require them to be 644 or 755. are you on a shared host? __________________ https://www.flow.page/savethechildren

01-25-2012, 05:18 PM	#13
raymor Confirmed User Join Date: Oct 2002 Posts: 3,745	Do you have a secondary processor? One particular processor will hose your .htpasswd and .htaccess files with their default script. Before fixing it next time, look at the ctime, or inide change time. That will tell you exactly when the change was probably made. Also that can happen when you edit a file. Say you download it, change it, delete the old, then upload the new. The new file will have default permissions, 644. You should instead overwrite the old file without deleting it. __________________ For historical display only. This information is not current: support@bettercgi.com ICQ 7208627 Strongbox - The next generation in site security Throttlebox - The next generation in bandwidth control Clonebox - Backup and disaster recovery on steroids

01-24-2012, 11:23 PM	#5
Slappin Fish Confirmed User Industry Role: Join Date: Jul 2007 Location: Thailand Posts: 2,512	my host changed files permissions once before without warming

01-24-2012, 11:25 PM	#6
porno jew Too lazy to set a custom title Industry Role: Join Date: Nov 2006 Posts: 10,166

01-25-2012, 05:11 PM	#12
V_RocKs Damn Right I Kiss Ass! Industry Role: Join Date: Dec 2003 Location: Cowtown, USA Posts: 32,409	check rsync setting for permissions switch

01-27-2012, 12:21 AM	#14
bean-aid So Fucking Banned Industry Role: Join Date: Jun 2011 Location: the land of woke sleuths Posts: 16,493	So it def. was the site transfer. Every time a transfer is initiated that file goes back to 644. CCbill says that it must be set to 666 but when I asked my programmer he said it shouldn't matter. Obviously it does matter. Anyone with programming experience with CCBill htpasswd file experience care to comment? My programmer just doesn't understand why a htpasswd file set at 644 can't be written to by CCBill but that, I have proven, to be a fact.

01-27-2012, 12:56 AM	#15
Operator So Fucking Banned Industry Role: Join Date: May 2009 Location: ΠπΠ Posts: 2,419	It doesn't sound malicious

01-27-2012, 01:07 AM	#16
BSleazy Confirmed User Industry Role: Join Date: Aug 2002 Location: USA Posts: 6,721	jesus... __________________ icq 156131086

01-27-2012, 01:39 AM	#17
CyberHustler Unregistered Abuser Industry Role: Join Date: Feb 2006 Posts: 25,988	Dreamweaver has done that to me a few times... Tried changing permissions of one file and it ends up changing permissions of an entire directory instead somewhere else on my server.