View Full Version : Uploading Files and 777 Permission Security

12-28-2006, 07:19 AM
I have a form that allows users to upload only .jpg files. Somehow a hacker was able to upload a php file which in turn he/she used to send out spam mail. It later occured to me that the hacker didn't even use the form because at the time there was no way for him/her to log in and access that page. Of course, the directories where I put the images have 777 permission.

Can a hacker remotely upload files to a 777 folder?

Is there a way to allow users to upload images without 777 permissions?


12-28-2006, 07:23 AM
if you have a 777 folder, anyone can write to it


12-28-2006, 09:51 AM
As whizard said anyone can upload to it but something tells me your server shouldn't have allowed this. I found this thread that has a lot of useful information on it.
I'm not sure how much of it will work though.

770 might be safer permissions to use.