Tweet
Alright. My sites are being clobbered by hackers and whatnot.. I'm not saying they're getting in through vBulletin - but probably some other script. Still, I just can't be sure.. I'm weary of any world-writable directories (chmod 777). If I'm not mistaken, the "attachments" folder and "customavatars" folder needs to be set this way. Isn't it possible for anyone to come along and upload malicious scripts or rootkits to those folders? If not, how? How are they blocked from doing so?
For now, I've turned off all attachment and avatar uploads on my forums. Is there any way around this besides storing everything in my database - which is already too large as it is? I want to be proactive rather than be reactive.. It seems the only way to be secure is to not allow any way for people to upload to my server...
For now, I've turned off all attachment and avatar uploads on my forums. Is there any way around this besides storing everything in my database - which is already too large as it is? I want to be proactive rather than be reactive.. It seems the only way to be secure is to not allow any way for people to upload to my server...
Is THAT it? That's the solution? So placing these directories before "public_html" would do the trick?
Comment