| Pages: [1] |
|
|
 Author |
Topic: 777 Permissions Hackable? (Read 787 times) |
|
mooresites
Posts: 3
|
I found a brief message on this topic, but it didn't answer my question. I had two clients on my server trying out the snippetmaster lite version. In each case, the snippet files that I changed to 777 CHMOD were hacked (boz_wolf hacker). Am I missing something? Is there a way I can secure my server further to prevent this? I'm loving the snippetmaster (am starting to purchas PRO versions), but need this aspect resolved before I can commit. Thanks for the great program!
|
|
|
|
|
|
Jenkinhill
|
I doubt if you need 777. The required permissions do depend on the server, but assuming that the SnippetMaster files are owned by the site owner then 644 should be all that is needed. I did have one server that required 664 but never 777.
|
Kelvyn
|
|
|
|
mooresites
Posts: 3
|
I tried 646 and that worked . . . however, wouldn't the hacker be able to do the same thing to my files? Or is the "executable" aspect an issue?
|
|
|
|
|
|
Jenkinhill
|
No, it is the writable by all that opens the door. Having said that it is not easy to do and I believe it is usually perpetrated by hacking some other vulnerable script on the server, such as an outdated phpNuke, phpBB or whatever. On many shared server configurations the vulnerable script may not even be within your own website.
It is best to avoid 777 except for directories that need full read/write/execute permissions.
|
Kelvyn
|
|
|
|
mooresites
Posts: 3
|
Gotcha . . . I had several sites that were affected. All were Snippetmaster related with 777 permissions. Talk about a lesson learned! Thanks for your help. Oh, just in case any more light can be shed, I'm on an Apache server (VPS). I run several sites on that one VPS (shared IP). Some that were affected had the new PHPBB3 beta, but some didn't . . .
|
|
|
|
|
|
|
Pages: [1]
|
|
|
|
Logged