777 CHMOD

[dude753]

Hey!

I volunteer on a fairly popular fan site. We've been using the same news script for about 2 years, then we moved server and suddenly it got hacked. The script is Cutenews and has lots of files on it which have to be CHMODed to 777 like news.txt and templates etc.

We have never had any problems then suddenly we start getting hacked via the template files in Cutenews. We installed another news script, Fusion News. Again we get hacked through our templates, which were 777.

Is it because the files are 777 that they are being hacked? If this is the case then why do a lot of scripts require you to have files CHMODed to 777?

Is it because of a bug on our server that we keep being exploited?

Thanks <3

[Hooker]

its deffinately because your files are CHMOD 777, it allows anyone to veiw, edit and execute the files, you're probably better off using a news system that uses sql instead and not having any files with CHMOD 777, there area couple about but i wrote my own and have never used any pre-made so i couldnt suggest one.

[dude753]

But even CMS like Joomla have things like the config file set to 777?

[zq29]

Config files are normally only set to 0777 while installing a pre-made package, after the install you are supposed to set them back to 0755 (I think). Allowing configuration files to be writable to absolutly anyone is very insecure.

[dude753]

Ok thanks. Is it ok to have directories set to 777 or not? I seriously cant believe there are so many scripts that tell you to use 777 when this can be so easily used to hack files.

[ale_jrb]

Probably best not...

644 is the future...