Reputation: 3905
How could someone upload a file to my 777 folder on Apache?
I have found a malicious Perl script in uploads folder of my Wordpress site. The permission of uploads folder was 777. And the malicious file belonged to the user that runs Apache.
I changed the permission of the folder to 755. But in this case, I can't upload images from the administration interface of Wordpress. Probably, Apache was misconfigured without chroot.
How could someone upload a file to a 777 folder?
Upvotes: 0
Views: 346
Answers (2)
Reputation: 1062
Immediately contact your hosting provider. 750 all your files and test if you can 500 your wp-config.php. Chances the malicious entity was able to read the MySQL password off the file. You should consider your database to be public, so change the MySQL password and all your WP users passwords.
If your host denies any responsibility, move off that host. They probably run PHP in an incredeby insecure fashion.
Upvotes: 1
Reputation: 1042
Contact your hosting provider and let them know what's happened. Chances are, if you're on a shared hosting server, another users account has been compromised, which has written the script into your 777 permissions folder.
Upvotes: 2
Related Questions
- how a file can execute script to my server?
- PHP file not writable in 777 directory
- How can a hacker put a file on my server root (apache, php, 1and1)
- What is this script doing (found in Wordpress uploads folder)
- Is setting the uploads folder 777 permission secure?
- upload security protection - do i need additional protection on a 777 folder
- Can people write a .php file to my chmod 777 folder
- File upload security with Apache
- files are uploaded as user apache
- How to upload a file to a folder without 777 permission?