[pmwiki-users] Security breach?

DaveG pmwiki at solidgone.com
Mon Dec 22 09:25:35 CST 2008


> What happens is that the hackers use the uploads directory
> (with 777 permissions) to upload php files, and then it seems these php
> files can be used to access other parts of the filesystem (if I
understood
<...snip...>
> If a directory has 777 permissions, is there anything to stop someone
> putting an arbitrary file there? 
Not sure why you have directories set to 777; my uploads and wiki.d
directories are all 775; most other directories are 755. Not sure why some
are 775 -- I suspect they could be changed to 755. Either way, don't set
anything to 777.

 ~ ~ Dave



More information about the pmwiki-users mailing list