On Sat, Oct 4, 2014 at 1:28 PM, Richard < replies-lists-e7x6-php@xxxxxxxxxxxxxxxxxxxxx> wrote: > > > No. Your public_html folders should not be set r/w/e (777). They > > should be like the following: > > > > owner = 7 .. read, write, execute > > group = 5 .. read, execute > > public = 5 .. read, execute > > > > *NOTE - Even the public_html folder should be set at 755. > > > Also, what "user" owns these directories/files? What "user" does the > web server that serves them run as? [if they are the same the > permissions almost (not totally) moot.] > > - Richard > > Servers have the following options: 1. root 2. nobody 3. The owner of hosting account. If viewing with filezilla, you will see the "owner" on the far right. As I have explained, a crafted cross-site-scripting attack or sql injection attack will STILL ALLOW your site to hacked as permission at this point are moot.
