Was I hacked?? Or what happened?

Hi Guys,

I'm fairly new to linux although picking it up pretty quickly, I followed a tutorials, series by Olly Connolly several times always running into problems b/c it hadn't been updated (vpsbible.com) but I learned a bunch of stuff and got it working once I ran the updated stackscripts.ran some stackscripts.

I'm running Ubuntu 10.0.4 LTS, Nginx 5.2.6, PHP-FPM, & MySQL with WordPress 3.5

I'm using a SSH2 privatekey file for logging into the terminal via Putty & FileZilla for SFTP.

I disabled allow root login and changed the port as Olly suggested.

So everything is working well, I've only had it going for about a week and haven't had much time to this morning I tried to upload some theme files and it wouldn't let me saying permission was denied.. well like I said I'm new to this linux thing so I tried changing permissions to 777, but still wouldn't, then I noticed my wp-content and wp-admin folders were owned by user www-data and group webmasters … I did not do this and I don't believe I set it up this way, it only happened to this one site (I have 3 set up)… I was thinking maybe a plugin did it, but then I was wondering if I got hacked?

I changed them back to my user:group, but I'm wondering what's going on..

9 Replies

The only thing I can think of that I might have done was left the stackscript hanging around (now removed) which contained my password..

could it be the stackscript™?

btw, I wouldn't use a stackscript(tm) just for one install, especially if I was new to linux. because you have no idea what the stackscript(tm) has done to your system. like in this case. However, stackscript(tm) are shell scripts, so you can open them in a text editor and have a look at what they are doing, so I would recommend you do that.

stackscript(tm) are useful for deploying multiple nodes dynamically when needed.

just my opinion.

Hello,

The www-data user:group pair is associated with your web server. Files owned by this user or group can be accessed by the Nginx web server.

There are several ways to achieve the access you want for both your user and your web server. I choose to add my user to the www-data group (sudo usermod -G www-data user).

I hope this helps!

Regards,

Alex

@chesty:

could it be the stackscript™?

btw, I wouldn't use a stackscript(tm) just for one install, especially if I was new to linux. because you have no idea what the stackscript(tm) has done to your system. like in this case. However, stackscript(tm) are shell scripts, so you can open them in a text editor and have a look at what they are doing, so I would recommend you do that.

stackscript(tm) are useful for deploying multiple nodes dynamically when needed.

just my opinion.

ha, well like I said I'm a linux noob, what do I need to know? I'm not an advanced user I was just looking for a super-fast and affordable hosting solution.. godaddy and all those shared servers are slow as molasses and dedicated or managed vps is more than I want to spend.. I just run a couple wordpress blogs..

@alexfornuto:

Hello,

The www-data user:group pair is associated with your web server. Files owned by this user or group can be accessed by the Nginx web server.

There are several ways to achieve the access you want for both your user and your web server. I choose to add my user to the www-data group (sudo usermod -G www-data user).

I hope this helps!

Regards,

Alex

Thanks, well I used:

chown -R user:group /…path

and put them back where they were.. is that a problem?

I take it nginx will change them back??? I don't quite understand b/c they were in the original user:group for at least a day or two, I haven't messed with it until today it was www-data:webmasters…

@cfauver:

@alexfornuto:

Hello,

The www-data user:group pair is associated with your web server. Files owned by this user or group can be accessed by the Nginx web server.

There are several ways to achieve the access you want for both your user and your web server. I choose to add my user to the www-data group (sudo usermod -G www-data user).

I hope this helps!

Regards,

Alex

Thanks, well I used:

chown -R user:group /…path

and put them back where they were.. is that a problem?

I take it nginx will change them back??? I don't quite understand b/c they were in the original user:group for at least a day or two, I haven't messed with it until today it was www-data:webmasters…

Nginx will not change user permissions on it's own, but if WordPress or one of it's plugins does, I wouldn't know about it. I would again suggest adding the www-data group to your user, and reverting back from 777 to your previous settings.

@alexfornuto:

Hello,

The www-data user:group pair is associated with your web server. Files owned by this user or group can be accessed by the Nginx web server.

There are several ways to achieve the access you want for both your user and your web server. I choose to add my user to the www-data group (sudo usermod -G www-data user).

I hope this helps!

Regards,

Alex

Hi Alex - I am having the same trouble again and I tried your suggestion and it does not seem to fix the problem.. any more ideas?

The only way I can figure out how to upload is to

chown user:group /path

then

chown www-data:webmasters /path

to reset…

cfauver,

I just read your post at

~~[http://forum.linode.com/viewtopic.php?t=9761&p=55863#p55863" target="_blank">](http://forum.linode.com/viewtopic.php?t … 863#p55863">http://forum.linode.com/viewtopic.php?t=9761&p=55863#p55863](

and the wpupgrade command, if run, will set the permissions to what you found (www-data:webmasters). When I had to set up multiple domains securely on my Linode, I found virtualmin very useful, affordable (there is a free version), and lightweight. It ships out of the box with a secure setup for a multiple domain VPS.

Hope that helps,

Gary Thorne

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct