Updates folder has a bunch of files with 777 permissions
Permalink
Is it normal for the updates folder to have a bunch of files with 777 permissions?
3 of my sites were hacked. They use some kind of php code injector to infect my files. I restored from a backup and there are still files with 777 for their permissions. I thought they should be 644 or 755.
Perhaps they got in due to the 777 permissions.
So is it normal to have a bunch of files and folders with 777 for permissions especially in the updates folder?
Thank you.
Jerlo727
3 of my sites were hacked. They use some kind of php code injector to infect my files. I restored from a backup and there are still files with 777 for their permissions. I thought they should be 644 or 755.
Perhaps they got in due to the 777 permissions.
So is it normal to have a bunch of files and folders with 777 for permissions especially in the updates folder?
Thank you.
Jerlo727
If your site is static, and there isn't constant stuff being worked on, or users uploading files etc, and your finished building than you can turn it down a notch to 755, and possibly even further.
Do you guys seriously consider giving everyone write access to config, files, and packages safe? How many sites have been hacked due to permissions settings as opposed to sql injection, or vulnerable code? I'm curious, I want to make sure I don't go to all the trouble of designing, developing, and going live with a site if there are going to be problems.
I'm new to C5, but I really like what I see; I'm fairly sure the developers have taken security seriously, but this is questionable.
I could see an avatar/profile pics folder being writable to the world, even forums so users can add attachments - but system folders?
Again, pardon me for my ignorance, maybe the code is hardened against intrusion... ? idk
I'm new to C5, but I really like what I see; I'm fairly sure the developers have taken security seriously, but this is questionable.
I could see an avatar/profile pics folder being writable to the world, even forums so users can add attachments - but system folders?
Again, pardon me for my ignorance, maybe the code is hardened against intrusion... ? idk
