dude753 Posted March 5, 2006

Hey! I volunteer on a fairly popular fan site. We've been using the same news script for about 2 years, then we moved server and suddenly it got hacked. The script is Cutenews and has lots of files on it which have to be CHMODed to 777 like news.txt and templates etc.

We have never had any problems then suddenly we start getting hacked via the template files in Cutenews. We installed another news script, Fusion News. Again we get hacked through our templates, which were 777.

Is it because the files are 777 that they are being hacked? If this is the case then why do a lot of scripts require you to have files CHMODed to 777?

Is it because of a bug on our server that we keep being exploited?

Thanks <3

Hooker Posted March 5, 2006

It's definitely because your files are CHMOD 777, it allows anyone to view, edit and execute the files. You're probably better off using a news system that uses SQL instead and not having any files with CHMOD 777. There are a couple about, but I wrote my own and have never used any pre-made so I couldn't suggest one.

dude753 (Author) Posted March 5, 2006

But even CMS like Joomla have things like the config file set to 777?

zq29 Posted March 5, 2006

Config files are normally only set to 0777 while installing a pre-made package; after the install you are supposed to set them back to 0755 (I think). Allowing configuration files to be writable by absolutely anyone is very insecure.

dude753 (Author) Posted March 5, 2006

OK, thanks. Is it OK to have directories set to 777 or not? I seriously can't believe there are so many scripts that tell you to use 777 when this can be so easily used to hack files.

ale_jrb Posted March 5, 2006

Probably best not... 644 is the future...

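An added example, not part of the original thread: one way to audit a web root for the world-writable (777-style) files and directories discussed above and reset them to the 755/644 modes mentioned in the replies. The function names and the sample path are hypothetical, and it assumes the scripts run as the file owner; if they run as a separate web server user, the files that must be written need their owner or group changed instead.

```shell
#!/bin/sh
# Added example: find and tighten world-writable entries under a web root.
# Example call (hypothetical path): list_world_writable /var/www/site

# Print every regular file or directory under "$1" whose "other" write bit
# is set (as left behind by chmod 777 or 666). Symlinks are not reported.
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Reset world-writable entries under "$1": directories to 755, files to 644.
# Pass --dry-run as "$2" to print the chmod commands without applying them.
tighten_world_writable() {
    tww_prefix=""
    if [ "${2:-}" = "--dry-run" ]; then
        tww_prefix="echo"
    fi
    # Directories first: 755 keeps them traversable for the owner, so the
    # second pass can still reach the files inside them.
    find "$1" -type d -perm -0002 -exec $tww_prefix chmod 755 {} +
    find "$1" -type f -perm -0002 -exec $tww_prefix chmod 644 {} +
}
```

Run the dry-run form first and review the list: any file the news script genuinely has to write to will need the right owner, not a wider mode.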