"3. Set permissions on scriptDecryptor.php to 777". Some scripts want to have 777, but this is not secure. Can the hackers always get it this way by using the 777? What can you do to stop it?
777 on the file just means there's potential for anything running on the same server to write to that file. Just because the file is writable by anything on the server doesn't automatically mean hackers can get in. However, should another site be compromised on the same server as you, then there's potentially more risk of your site being hacked. If it's your server and the only site on there, then there's less of an issue doing this. You can use suPHP or an equivalent in order to run the PHP script with the user and group of the account; now you can leave the script writable to just the account owner. If you are on shared hosting then you can't install this; all you can do is move to a host that supports it. If you have a cPanel based server, just recompile Apache/PHP with suPHP; for other control panels you'll have to check with their support. Even if the file is not world writable and you use suPHP, if it's your scripts on your account that get compromised then the hacker can still write to your files, hence why I started by saying if it's your server and your only site then there's no real issue.
As you are on a shared server you are at the mercy of how they configure it, so unless they are running suPHP or the like you have no choice but to make the file 777 or move host.
Really sucks that there is no way to protect yourself from it if you are on a shared server. I guess some scripts cannot be used then.
It really depends on your host; we run suPHP on our shared web hosting servers so users never have to make their files or folders world writable. If you and/or your host keep good backups then really it shouldn't be the end of the world.
Well, I read there is something you can write in the folder access file to protect you against some hacks. I do not understand why some get hacked and some not.
You can use .htaccess to limit web access to a folder, e.g. RedirectMatch 404 libs/.* to return 404 for any attempt to access the libs folder. However, that has no real effect on the file write access permissions; all it does is stop direct access to those files from the web through Apache. So if a hacker gains shell access as another user or manages to run a script as Apache or some such, they can still potentially touch those files of yours if they are 777. It comes down to how much you really need to worry.
Don't use 777. Set the writable folder's owner and group to nobody and set it to 775 permissions. That way only Apache can write, not the public. Refer to method 2 of this article
Depends what you want to do. Options -Indexes, for example, disables the default of listing the contents of a folder; the host may have already done this system wide.
A directory with chmod 777 often stores images, libraries... Create a .htaccess file with this content:

<Files ~ "^.*\.(php|cgi|pl|php3|php4|php5|php6|phtml|shtml|asp)">
Order allow,deny
Deny from all
</Files>

If attackers upload the above scripts (php, cgi....) they cannot execute them.
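
The permission checks discussed in this thread, as an added example that is not part of any post: a shell function that lists world-writable files and directories under a web root and flags script files sitting directly inside a world-writable directory. The function name audit_webroot and the output labels are hypothetical; the extension list follows the .htaccess pattern in the last post.

```shell
#!/bin/sh
# Added example (not from the thread): audit a web root for 777-style
# permissions. Prints one finding per line:
#   WORLD_WRITABLE_FILE    <path>  file writable by any local user
#   WORLD_WRITABLE_DIR     <path>  directory writable by any local user
#   SCRIPT_IN_WRITABLE_DIR <path>  script file directly inside such a directory
# Assumes paths contain no newlines and that find supports -maxdepth
# (GNU and BSD find both do).

audit_webroot() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }

    # -perm -0002 matches anything with the "other" write bit set
    # (777, 666, 757 ...), which is what "world writable" means.
    find "$root" -type f -perm -0002 | while IFS= read -r f; do
        printf 'WORLD_WRITABLE_FILE %s\n' "$f"
    done

    find "$root" -type d -perm -0002 | while IFS= read -r dir; do
        printf 'WORLD_WRITABLE_DIR %s\n' "$dir"
        # Script types the web server might execute; same families as the
        # .htaccess <Files> pattern in the last post.
        find "$dir" -maxdepth 1 -type f \( \
              -name '*.php*' -o -name '*.phtml' -o -name '*.shtml' \
           -o -name '*.cgi'  -o -name '*.pl'    -o -name '*.asp' \) |
        while IFS= read -r s; do
            printf 'SCRIPT_IN_WRITABLE_DIR %s\n' "$s"
        done
    done
}

# Run directly as: sh audit.sh /path/to/public_html
if [ "$#" -gt 0 ]; then
    audit_webroot "$1"
fi
```

A SCRIPT_IN_WRITABLE_DIR line is not proof of compromise, only a file worth comparing against the application's known file list or a backup.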