Jump to content

File permissions for uploading... issues!

dannyb785

By dannyb785
in PHP Coding Help

 Share

Recommended Posts

dannyb785 Member

dannyb785

Posted
Posted

ok so I was hacked a good bit ago and the intruders uploaded phishing scam files to my server. I had the files's permission set to 777. Well that is all changed now and now they're at 711 and i only change it to 777 when uploading a file/picture. Here's my issue:

 

I was testing my file upload script from one server to another server(I have 3 separate servers that are 3 separate websites) like say in abc.com I had a file uploading script to upload to xyz.com/images Thing is... whether I set the images folder to 711 or 777, the file isn't uploaded. Isn't the point of folder permissions that if you wanted, anyone would be able to upload to it, like in my example? because then I tried my upload script opn abc.com's server to upload to abc.com and no matter what the permissions are (711 or 777) they upload without question.

 

So my main question is... how could I files have been uploaded before(when I was hacked) if apparently files can't be uploaded except if the script is run on the same server?

 

and also, what permission set am I best of the set my folders to?

Link to comment
Share on other sites
ratcateme Member

ratcateme

Posted
Posted

i am not sure what is going on with your file uploading but if you are being hacked and people can upload any scripts then i would advise you to put a check in you upload that the file is a valid image and not a file they can hack with. i find when i get a image upload it is best to use it with GD then it will fail if it is not a real image

 

Scott.

Link to comment
Share on other sites
dannyb785 Member

dannyb785

Posted
  • Author
Posted

i am not sure what is going on with your file uploading but if you are being hacked and people can upload any scripts then i would advise you to put a check in you upload that the file is a valid image and not a file they can hack with. i find when i get a image upload it is best to use it with GD then it will fail if it is not a real image

 

Scott.

 

I wasn't hacked because of a script of my own. The only script I had that uploaded images required someone to be logged in to do it anyway. My issue is someone running a script from another server uploading files into mine.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.