Hi, I have a few websites, many which require the images folder to be chmod to 777 for the user to upload images using the CMS Today almost every folder on my web server which is chmod 777 seemed to have new files and a new .html file saying it had been hacked bla bla.... How do i get around this ? / Could this person delete files and actually destroy everything or is it just limited to chmod 777 folders ? I guess this must be common as many sites have chmod 777 folders ?
The general rule of thumb is that any folder that the web server can write to is vulnerable. Chmod 777 directories is generally asking for trouble. The best way around it is to fix your script. Storing files in the database might be another A good general rule but one that won't work in your case is to move the 777 directories outside of your web root folder (www or public_html). This way files that are uploaded, cannot be exploited.
Yes, Writable folders are exploitable, but you must be having some vulnerable script which has caused this. Also, if you're having a shared hosting account, then exploitable script on other accounts can even cause this. My advice is to contact your host, and tell him to find the security issue.
There are lots of shells available. You might want to check your server for all files and deleting any shell(whcih ther would be) Also, CHMOD to 644 unless you allow users to upload files etc(which should be CHMOD to 755) Dont CHMOPD 777 to any folder/file in any condition unless you're installing some script and do it temporarily.