...

View Full Version : Uploading Files and 777 Permission Security



codegreen
12-28-2006, 07:19 AM
Hi,
I have a form that allows users to upload only .jpg files. Somehow a hacker was able to upload a php file which in turn he/she used to send out spam mail. It later occured to me that the hacker didn't even use the form because at the time there was no way for him/her to log in and access that page. Of course, the directories where I put the images have 777 permission.

Can a hacker remotely upload files to a 777 folder?

Is there a way to allow users to upload images without 777 permissions?

Thanks

whizard
12-28-2006, 07:23 AM
if you have a 777 folder, anyone can write to it

Dan

_Aerospace_Eng_
12-28-2006, 09:51 AM
As whizard said anyone can upload to it but something tells me your server shouldn't have allowed this. I found this thread that has a lot of useful information on it.
http://www.sitepoint.com/forums/showthread.php?p=3198948
I'm not sure how much of it will work though.

770 might be safer permissions to use.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum