7 replies to this topic

[axioma]

you can find a lot of contributions that says " the folder x has to have 777 permission" it is true in most of the images contributions..... what can we do in these cases?.

is a 777 an open door for hackers, troyans etc??

[FIMBLE]

axioma, on 15 October 2009, 13:10, said:

you can find a lot of contributions that says " the folder x has to have 777 permission" it is true in most of the images contributions..... what can we do in these cases?.

is a 777 an open door for hackers, troyans etc??

You should not have any folder over 755 nor file over 666 (if it need to be written to) otherwise 644.
Its like locking your door and going out somewhere but leaving your keys still in the door.

If you need to set permissions to 777 for images folder youneed to talk to your host about it, as you say its not safe at all.

Nic

[axioma]

IS THIS TRUE?

"This robots text file will also help you by removing one way for hackers to find your images folder as a lot of stores seem to get hacked via it. It will also help hide your admin from everyone but you, it is not that hard to figure out.

Cheers". comes from contribution 'robots.txt Sample File" link

MEANING USEFUL FOR FOLDERS 777 SUCH AS IMAGES FOLDER....

[peter222]

axioma, on 20 October 2009, 20:12, said:

IS THIS TRUE?

"This robots text file will also help you by removing one way for hackers to find your images folder as a lot of stores seem to get hacked via it. It will also help hide your admin from everyone but you, it is not that hard to figure out.

Cheers". comes from contribution 'robots.txt Sample File" link

MEANING USEFUL FOR FOLDERS 777 SUCH AS IMAGES FOLDER....

Just follow Nic's 'rules' and you will be fine

otherwise we'll probably see you back with a whole different kind of topic..

Edited by peter222, 20 October 2009, 21:14.

[Dan Cole]

FIMBLE, on 15 October 2009, 13:29, said:

If you need to set permissions to 777 for images folder youneed to talk to your host about it, as you say its not safe at all.

Nic

I'm really confused....is this really true?

With all the concern being expressed about "777" permissions I raised the matter with my ISP and was told that whether is was a risk or not depends on how the server is configured. I'm told that if the server is set up correctly that "the 777 gives global permissions to applications on the server and not to the world."

Not surprisingly I also found other threads on the web suggesting it's not an issue either providing your server is set up correctly. Maybe we should be advising folks to check with their ISP.

Dan

[germ]

Most servers are NOT setup "correctly".

And what if the person you talk to concerning this doesn't know what they're talking about?


"777" isn't a good idea if you value your site and the time/effort/money you have invested in it.

[Dan Cole]

germ, on 08 November 2009, 04:16, said:

Most servers are NOT setup "correctly".

And what if the person you talk to concerning this doesn't know what they're talking about?


"777" isn't a good idea if you value your site and the time/effort/money you have invested in it.

So you would agree...if the server is set up correctly it's a none issue?

Dan

[germ]

Dan Cole, on 09 November 2009, 02:46, said:

So you would agree...if the server is set up correctly it's a none issue?

Dan

You'll never catch me with a "777" permissions folder.

What if they change the server setup that makes this a "non issue" and turns it into a hackers paradise and fail to inform you?


It's just not the thing to do (IMHO).

If you never do it, you never have to worry about it.