On Apr 23, 2010, at 10:11 AM, CheekyGeek wrote:

> Sounds like you had a 777 (world writable) folder in there somewhere?
> (Probably for uploads)
> This WILL be found by spammers, Belgians, and other undesirables.
> (I KID, I KID!)

Just wanted to point out that 777 doesn't mean that anyone in the world can magically write files wherever they want. This is because filesystem permissions only operate within the context of user accounts on the hosting server.

In general that is just splitting hairs as the httpd process needs write access to be able to update the WordPress core and its plugins, or to upload photos. But the site needs to present some method of uploading files before a file can be uploaded, security vulnerabilities notwithstanding.

A well-written application should have very tight controls over where files can be uploaded. It shouldn't even provide a public mechanism to upload anything unless it's absolutely necessary.

I really don't envy the job of web hosting providers. I've seen situations ranging from the home page of a single site being defaced, all the way up to a large portion of a provider's data centre disappearing off the face of the (virtual) earth because a hacked server was sending dodgy packets that crashed their routers.

Cheers,
Dave
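
An added example, not part of the original message or thread: a Python audit that walks a web root and reports the 777-style exposure discussed above, namely world-writable directories, world-writable files, and server-executable scripts sitting inside a world-writable directory. The WordPress-like layout, the file names and the script-extension list are constructed assumptions.

```python
import os
import stat
import tempfile

# Assumption: extensions the web server would execute rather than serve as data.
SCRIPT_EXTS = {".php", ".phtml", ".cgi", ".pl"}

def audit_web_root(root):
    """Return a sorted list of (relative_path, issue) findings under root."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        # "Other" write bit set means any local account can create files here.
        dir_open = bool(os.lstat(dirpath).st_mode & stat.S_IWOTH)
        if dir_open:
            findings.append((os.path.relpath(dirpath, root),
                             "world-writable directory"))
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: do not follow symlinks out of the tree
            if not stat.S_ISREG(st.st_mode):
                continue
            rel = os.path.relpath(path, root)
            if st.st_mode & stat.S_IWOTH:
                findings.append((rel, "world-writable file"))
            ext = os.path.splitext(name)[1].lower()
            if dir_open and ext in SCRIPT_EXTS:
                findings.append((rel, "script inside world-writable directory"))
    return sorted(findings)

def build_sample_tree():
    """Constructed sample: WordPress-like layout with a 777 uploads folder."""
    root = tempfile.mkdtemp(prefix="webroot-")
    uploads = os.path.join(root, "wp-content", "uploads")
    os.makedirs(uploads)
    for rel, mode in (("index.php", 0o644),
                      ("wp-content/uploads/photo.jpg", 0o644),
                      ("wp-content/uploads/x.php", 0o666)):
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(path, mode)  # chmod is not affected by the umask
    os.chmod(os.path.join(root, "wp-content"), 0o755)
    os.chmod(uploads, 0o777)
    os.chmod(root, 0o755)
    return root

if __name__ == "__main__":
    for path, issue in audit_web_root(build_sample_tree()):
        print(f"{issue}: {path}")
```
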

