dannyb785 Posted August 23, 2008 Share Posted August 23, 2008 ok so I was hacked a good bit ago and the intruders uploaded phishing scam files to my server. I had the files's permission set to 777. Well that is all changed now and now they're at 711 and i only change it to 777 when uploading a file/picture. Here's my issue: I was testing my file upload script from one server to another server(I have 3 separate servers that are 3 separate websites) like say in abc.com I had a file uploading script to upload to xyz.com/images Thing is... whether I set the images folder to 711 or 777, the file isn't uploaded. Isn't the point of folder permissions that if you wanted, anyone would be able to upload to it, like in my example? because then I tried my upload script opn abc.com's server to upload to abc.com and no matter what the permissions are (711 or 777) they upload without question. So my main question is... how could I files have been uploaded before(when I was hacked) if apparently files can't be uploaded except if the script is run on the same server? and also, what permission set am I best of the set my folders to? Link to comment https://forums.phpfreaks.com/topic/120981-file-permissions-for-uploading-issues/ Share on other sites More sharing options...
ratcateme Posted August 23, 2008 Share Posted August 23, 2008 i am not sure what is going on with your file uploading but if you are being hacked and people can upload any scripts then i would advise you to put a check in you upload that the file is a valid image and not a file they can hack with. i find when i get a image upload it is best to use it with GD then it will fail if it is not a real image Scott. Link to comment https://forums.phpfreaks.com/topic/120981-file-permissions-for-uploading-issues/#findComment-623670 Share on other sites More sharing options...
dannyb785 Posted August 24, 2008 Author Share Posted August 24, 2008 i am not sure what is going on with your file uploading but if you are being hacked and people can upload any scripts then i would advise you to put a check in you upload that the file is a valid image and not a file they can hack with. i find when i get a image upload it is best to use it with GD then it will fail if it is not a real image Scott. I wasn't hacked because of a script of my own. The only script I had that uploaded images required someone to be logged in to do it anyway. My issue is someone running a script from another server uploading files into mine. Link to comment https://forums.phpfreaks.com/topic/120981-file-permissions-for-uploading-issues/#findComment-624093 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.