On Wed, Aug 16, 2017 at 12:02 PM, Tedd Sperling <tedd@xxxxxxxxxxxx> wrote: > > We had an incident happen at the college where I teach — the IT guy said: > > > After further inquiry, it appears a bad guy used a php vulnerability > injection over http to enter into a folder on CITW. This was made > possible because the permissions were misconfigured (execute was set to 755 > instead of normal 644). > > > My understanding of permissions is that 755 is normally thought of as > secure — is that not true? > 755 is typical for directories, but 644 for files. https://premium.wpmudev.org/blog/understanding-file-permissions/ That said, I often even reduce the permissions beyond 644 in production environments. Adam
