777 chmod issues

[surfbob]

Yes, the dreaded 777 chmod issues strikes again!!!

While making a few edits to my vbulletin forum (it`s upto date), my heart sank when I noticed a bunch of .php files (file name was a string of randomly generated numbers) & modified .htaccess files in the root of number of directories and their subfolders. This was in all the 777 folders throughout the said website.

I decided to look into another domain I host, low and behold these damned files were there too. In fact they`re in every 777 folder throughout my reseller account (all the domains).

I know 777 permissions are the ultimate sin, but I hear about using phpsuexec and all these other geek talk things, but it seems like a heck of a lot of trouble with scripts possibly breaking.

Now I have the fun task of clearing out all these random php and htaccess files. A real pita because they are all named differently. Jeez if they were all named "hack.php" I could kill them in one shot

Now the thing is, a script must be insecure because these bozos need some level of access first to exploit the 777 folders? I assume an insecure script on one domain can effect the other domains I host in my reseller account? I don`t have a level of geekiness to understand scripts and security yet.

Whew, I have no idea where to start Thankfully, "touch wood" no major files ie: index have been modified or anything.

Is this only happening with your VB install? Also not to worry, they cannot do much at all with uploaded PHP scripts due to open_basedir, mod_security, and other various security.

[surfbob]

Nope these files (both php and htaccess) can be found in every 777 chmod folder throughout my reseller account, yes that`s every domain. Meaning I have no idea which script is vulnerable.

I know my own vb install is upto date, and I`ve updated an Invision install for a client last night. I guess I`ll just have to have an extra pair of eyes.

[eddus]

support guys should see if there is another case on the same server cause that could means, you are getting hacking visitors inside the server.

[jrawly]

Quote:

Originally Posted by surfbob

Now I have the fun task of clearing out all these random php and htaccess files. A real pita because they are all named differently. Jeez if they were all named "hack.php" I could kill them in one shot

You could setup some kind of monitoring script that would "ignore" all the files that should be there, and either mail you, or delete the files that shouldn't