> What happens is that the hackers use the uploads directory > (with 777 permissions) to upload php files, and then it seems these php > files can be used to access other parts of the filesystem (if I understood <...snip...> > If a directory has 777 permissions, is there anything to stop someone > putting an arbitrary file there? Not sure why you have directories set to 777; my uploads and wiki.d directories are all 775; most other directories are 755. Not sure why some are 775 -- I suspect they could be changed to 755. Either way, don't set anything to 777.
~ ~ Dave _______________________________________________ pmwiki-users mailing list [email protected] http://www.pmichaud.com/mailman/listinfo/pmwiki-users
