I just had one of the sites I was developing hacked and at first I was pointing the finger at MPMU, though I am using 3 different scripts to power the site. One of the scripts is Gallery2 which I now believe was the soft spot which the hacker found and used to his advantage.
In order for the script to function properly permissions to the main directory have to be set to 777, I dont know a whole hell of allot about server security, but I do know this usually not good, allowing permissions on all levels to write.
So my question is, can a directory be made secure from attacks that has its permissions set to 777, is there some other setting or counter balance that would make the writable directory secure while still being writable? If not I cant see how a script like this has survived and is so popular if so vonerable.
In order for the script to function properly permissions to the main directory have to be set to 777, I dont know a whole hell of allot about server security, but I do know this usually not good, allowing permissions on all levels to write.
So my question is, can a directory be made secure from attacks that has its permissions set to 777, is there some other setting or counter balance that would make the writable directory secure while still being writable? If not I cant see how a script like this has survived and is so popular if so vonerable.