Jump to content

Archived

This topic is now archived and is closed to further replies.

dude753

777 CHMOD

Recommended Posts

Hey!

I volunteer on a fairly popular fan site. We've been using the same news script for about 2 years, then we moved server and suddenly it got hacked. The script is Cutenews and has lots of files on it which have to be CHMODed to 777 like news.txt and templates etc.

We have never had any problems then suddenly we start getting hacked via the template files in Cutenews. We installed another news script, Fusion News. Again we get hacked through our templates, which were 777.

Is it because the files are 777 that they are being hacked? If this is the case then why do a lot of scripts require you to have files CHMODed to 777?

Is it because of a bug on our server that we keep being exploited?

Thanks <3

Share this post


Link to post
Share on other sites
its deffinately because your files are CHMOD 777, it allows anyone to veiw, edit and execute the files, you're probably better off using a news system that uses sql instead and not having any files with CHMOD 777, there area couple about but i wrote my own and have never used any pre-made so i couldnt suggest one.

Share this post


Link to post
Share on other sites
Config files are normally only set to 0777 while installing a pre-made package, after the install you are supposed to set them back to 0755 (I think). Allowing configuration files to be writable to absolutly anyone is very insecure.

Share this post


Link to post
Share on other sites
Ok thanks. Is it ok to have directories set to 777 or not? I seriously cant believe there are so many scripts that tell you to use 777 when this can be so easily used to hack files.

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.