View Full Version : Uploading Files and 777 Permission Security

12-28-2006, 06:19 AM
I have a form that allows users to upload only .jpg files. Somehow a hacker was able to upload a php file which in turn he/she used to send out spam mail. It later occured to me that the hacker didn't even use the form because at the time there was no way for him/her to log in and access that page. Of course, the directories where I put the images have 777 permission.

Can a hacker remotely upload files to a 777 folder?

Is there a way to allow users to upload images without 777 permissions?


12-28-2006, 06:23 AM
if you have a 777 folder, anyone can write to it


12-28-2006, 08:51 AM
As whizard said anyone can upload to it but something tells me your server shouldn't have allowed this. I found this thread that has a lot of useful information on it.
I'm not sure how much of it will work though.

770 might be safer permissions to use.

EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum