Jordan DeLozier

Jordan DeLozier


11 comments posted · 2 followers · following 1

13 years ago @ Christ, Music and Tech... - An Awesome Way to Find... · 0 replies · +1 points

I agree with Joe. Nicely put!

14 years ago @ Jordan's Technolo... - CPanel Sucks? Nope. · 0 replies · +1 points

CPanel/WHM is very nice software. I'm very sure of that, so yes.

14 years ago @ Jordan's Technolo... - Get insulted, Win $10 ... · 1 reply · +1 points

It was fun but I think the spamming started running people off. Were you not a member when this happened?

14 years ago @ Christ, Music and Tech... - How can sadness not co... · 0 replies · +2 points

I'm really sorry to hear about your dog. I remember meeting Chance for the first time.

Interesting point you made:
Sadness has no value (from what I can see) concerning survival of the fittest.

It seems to have no point in survival of the fittest situations. In fact, it would seem to have a negative effect for survival from an evolutionary standpoint.

14 years ago @ Christ, Music and Tech... - How many hours a day d... · 0 replies · +1 points

I love sleep. I must have between 6-8 hours per day and average a steady 7. If I get any less or more I feel tired the entire day. I'm not sure I understand why I feel tired if I get more, but I do.

It is good that you have found this out! Sleep is very important for stress relief, good health and a whole mess of other things. :)

14 years ago @ Jordan's Technolo... - Joomla! 1.5: Warning! ... · 0 replies · +1 points

I agree, suexec would be the correct solution here. chwon -R user:user /homedir afterwards would fix all issues.

14 years ago @ Jordan's Technolo... - Joomla! 1.5: Warning! ... · 0 replies · +1 points

I stated "all users and groups" which means world access. It still means only users that have gained access to your system, whether that is the user apache (or your http server software) is running as or a legit user on your system.

In any cause, I changed it from 777 to 766 in the original post. This will still allow write access but removes execute. You have to picture the situation: Apache was running as UserA while all of the files under Joomla are owned by UserB on the system. UserA which is executed by Joomla using Apache can't write UserB's /tmp folder unless the "other" flag has access. This is because I've mucked up the owner permissions moving between so many servers.

Thanks for pointing that out though. :) Nice looking blog site you have!

14 years ago @ Jordan's Technolo... - Joomla! 1.5: Warning! ... · 0 replies · +1 points

The recommended permission for directories in Joomla is 755 -

Increasing the tmp folder to 777 means you've only added the ability to write for all users and groups. While that may sound insecure, it only means users of the system can access that directory with full privs. Therefore, running on a private system with no other system users, 777 for a tmp directory is fine. Not to mention, your system default /tmp directory is 777:

drwxrwxrwt 34 root root 4096 Jul 8 09:18 tmp

You could use 757 or 766 instead which will prevent execution (this is probably better than my stated 777 above). I've also added a second option, if your account has the ability to change owner and group (most do not).

You can also change your temp folder in global configuration / server and move it outside of the public view, if you are worried about that. You may even be able to use the root /tmp folder, however, some servers will block PHP access outside of the homedirectory with PHP Openbase_dir.

To comment on the FTP layer..... FTP transmits passwords using clear text. In business audits for networked systems you are not even allowed to use FTP to connect to any minor business network for this reason. You are basically blasting your account password across the web to anyone that has a sniffer.

14 years ago @ Christ, Music and Tech... - IntenseDebate WordPres... · 0 replies · +1 points

You are right, IntenseDebate is awesome! I'm glad you showed it to me. I'm still learning about it.

14 years ago @ Jordan's Technolo... - D-Link DNS-323 Hacking... · 0 replies · +1 points

I just checked and that link does work. Is that port being blocked by a firewall on your network?