problems with server apache folder / file

[Prema]

Hi
after the fact with update components and modules, I noticed that the permissions for files and folders were owned by apache (no longer erasable and editable).
The permissions were changed only with the help of the manager of the server.
Yesterday, the manager noticed that the server had a clogging processes httpd / perl. He found two files. php (where the names were composed characters and numbers) in the root of the site and deleted them.
He warned that if the problem reoccurs I blocks the site.
can anyone help me to solve this problem

thanks for the replies
prema

[datahell]

Elxis cannot change the owner of the files. Also Elxis doesnot change the permisdions of the files.
Elxis does not place files in elxis root folder except from configuration files for subsites if multisites are enabled (config1.php, ...). Elxis only add/edit temporary files in elxis repository and put uploaded images in media/images/.

Which were the names of the files you saw in elxis root folder and what was their contents?

[Prema]

hello
datahell
the manager I had not explained well where he had found the file.
I also have a subdomain .....
were at the root of the subdomain where I moved the old site Elxis 2009.x
permissions file 664 /  folder 775
I do not know the contents of the files it deleted, now only gave me the names:

rw-r - 1 apache apache 23297 r-- October 11 16:41 w49005702n.php
rw-r - 1 apache apache 23297 r-- October 11 18:00 w81515303n.php

and the others were more or less similar

About Elxis 4.x I have set the folders 777 and files 666, to get updates from center EDC
about the change of ownership (apache) of folders and files on Elxis 4.x under reporting what I updated 10/08/2014


    modules
        mod_advertising
        mod_superarticles
    components
        com_etables
        com_pfm
        com_content
            plugins
                eiyoutubetv
                pfm

while for E-tables after the upgrade I had to import the backup database of the relevant component, because I could not find in the pages plus tables

with estimate

prema

[datahell]

Setting everything as writeable (777/666) is not the safest option. Also using apache under mod_php in a shared hosting environment is not the safest option, you better had php configured with suexec or fpm or other similar technology. Elxis needs only repository folder to be writeable, everything else can be not-writeable and Elxis will function fine. The files you show me are not from Elxis. There might be from the additional extensions you have installed but not from Elxis core. You can search your server log files to find out how they were generated and you can also open them to see what they contain. Such issues are mostly a matter of you and your hosting company. I cannot provide you more help because I dont know what has happened to your site. You can read our security guide for Elxis (not for your web server) if you like.

[Prema]

Setting everything as writeable (777/666) is not the safest option. Also using apache under mod_php in a shared hosting environment is not the safest option, you better had php configured with suexec or fpm or other similar technology. Elxis needs only repository folder to be writeable, everything else can be not-writeable and Elxis will function fine. The files you show me are not from Elxis. There might be from the additional extensions you have installed but not from Elxis core. You can search your server log files to find out how they were generated and you can also open them to see what they contain. Such issues are mostly a matter of you and your hosting company. I cannot provide you more help because I dont know what has happened to your site. You can read our security guide for Elxis (not for your web server) if you like.

Thanks
Datahell  for your competence and availability

prema

[Blacksoll]

Something sounds famliar here, so desided not to open a new topic.............

When i manually upload and install something like a module or template the owner is me, when i install something from live edc the owner is apache....
and files and folders are no longer erasable and editable.

What should i do ?

[datahell]

@Blacksoll: No, there is no difference. In both cases files get uploaded by Apache. Elxis cannot -and does not- change the owner of files! If your apache runs as user "someone" then all files uploaded/created will belong to user "someone". Only if you have enabled the FTP option then new files/folders will be owned by the FTP user you set in Elxis configuration. FTP is an interesting option for sites the apache runs without suexec/fpm. Today most servers run with suexec/fpm so you don't need FTP and you have no problem with file owners/permissions.

In general...
When you host your site on a Linux server then you need to know a few things about Linux file-system, file owners and permissions. There are thousands of guides and tutorials on the internet. Also your web hosting provider is responsible to answer your questions regarding such things because each server has different set up.

[Prema]

datahell
Which were the names of the files you saw in elxis root folder and what was their contents?

Hi
Datahell

files were a trojan PHP / BackDoor

[datahell]

You must search server log files to find out how they uploaded. Just delete them doesnot solve the problem. As php runs as apache module this attack might occured on an other site on the same server. In any case the company that hosts your site is responsible to investigate this problem and notify you about the origin of the attack and what to do next. Elxis 4 is impossible to be the cause of the attack except if the admin user has a virus on his pc. I am 1000% sure for that.