1.06 CHMOD

[lanesharon]

Could someone tell me which directories and files need to be left with a CHMOD of 777?  Can any of those be 775?  Will their be a problem if I password protect those directories through cpanel?

[Pierre M.]

If you have a working CMSms installation and if you have followed the installation instructions, please just try to strengthem the security by chmoding 777 to 775 or 755. But of course some things need to be writeable, as the cache in tmp/.
Permissions are dependant of hosting contexts, there are no worksallways solution (but installation instructions are good), just try.
Search these forums for 777, 644, 755 and such.
Have fun.
Pierre M.

[cnymike]

lanesharon, I'm still groping in the dark regarding permissions and ownership and other UNIX things, but since I"ve had two websites on two different servers hacked in the last several months, I can say with 100% confidence that if your website is on a shared server (and most are) and if you are not using php-cgiwrap or suexec (most aren't) and you have -any- world-writable directories (ie: 777) then you are at risk. The reason you are at risk is that if you have a exploit in any script, or if any other user on the shared server has an exploit in a script that is hacked, that hacker can wreak havoc.

[lanesharon]

I am going to try 775.  Then set up a new user account and see if I can upload anything into the uploads directory.  That will answer my question for me.  Thanks.