[Boards: 3 / a / aco / adv / an / asp / b / bant / biz / c / can / cgl / ck / cm / co / cock / d / diy / e / fa / fap / fit / fitlit / g / gd / gif / h / hc / his / hm / hr / i / ic / int / jp / k / lgbt / lit / m / mlp / mlpol / mo / mtv / mu / n / news / o / out / outsoc / p / po / pol / qa / qst / r / r9k / s / s4s / sci / soc / sp / spa / t / tg / toy / trash / trv / tv / u / v / vg / vint / vip / vp / vr / w / wg / wsg / wsr / x / y ] [Search | Free Show | Home]

Is it dangerous to change the file permissions on a folder on

This is a blue board which means that it's for everybody (Safe For Work content only). If you see any adult content, please report it.
  1. Home
  2. /g/ - Technology
  3. Is it dangerous to change the file permissions on a folder on
Thread replies: 9
Thread images: 2

Anonymous
2016-09-18 15:43:58 Post No. 56663594
[Report] Image search: [Google]
File: juncker.jpg (92KB, 310x340px) Image search: [Google]
juncker.jpg
92KB, 310x340px
Anonymous 2016-09-18 15:43:58 Post No. 56663594 [Report]
Is it dangerous to change the file permissions on a folder on your website to 777?
>>
Anonymous 2016-09-18 15:48:53 Post No.56663663
[Report]
Anonymous 2016-09-18 15:48:53 Post No.56663663 [Report]
nope.
Wanna link me to your server?
>>
Anonymous 2016-09-18 15:54:47 Post No.56663741
[Report]
Anonymous 2016-09-18 15:54:47 Post No.56663741 [Report]
>>56663594
Security is an interesting beast because some things aren't dangerous alone but when mixed with another mistake become awful security holes.

Changing a folder to be 777 means anyone can write to the folder IF they have some way to tell the server that they want to write to it. So if you only access the server locally (via a keyboard and monitor) and there's no SSH or FTP server running, odds are no one will be able to write files even though the folder says they have permission to.

But if you install an FTP server, many FTP servers have an "anonymous" user enabled by default. The anonymous user has no permissions EXCEPT those granted to "everyone". Meaning someone could then log into your server and start editing and writing files.

You might think "that's not so bad... it's a subdirectory on my web server where I'm temporarily storing uploads -- it's not like they can edit my site". But what if your site has PHP enabled? They could then upload a PHP script and run it, and that would run under the Apache user: not the anonymous user. Now with a cleverly crafted script they can edit your website.

Then you may wonder why someone would even want to edit your website. Well suppose they inject javascript onto the page that starts popping up ads like crazy. They don't care if your SEO rank falls: they just got paid for thousands of ad views.

For BEST security, start with 400 (you can read but not write or execute) and add permissions only as necessary.
>>
Anonymous 2016-09-18 15:57:30 Post No.56663772
[Report]
Anonymous 2016-09-18 15:57:30 Post No.56663772 [Report]
As mentioned by >>56663741 it can be a problem mixed with other issues.

A long time ago I had a wordpress install compromised. The way the guy got in was by exploiting an extension to make modifications to the site theme on disk. If that folder hadn't been user-writable, the guy wouldn't have been able to do anything.
>>
Anonymous 2016-09-18 16:01:26 Post No.56663821
[Report]
Anonymous 2016-09-18 16:01:26 Post No.56663821 [Report]
>>56663772
>>56663799

haha oh no, did they they take down the server?
>>
Anonymous 2016-09-18 16:28:31 Post No.56664198
[Report]
Anonymous 2016-09-18 16:28:31 Post No.56664198 [Report]
>>56663663
here's the ip 127.0.0.1
>>
Anonymous 2016-09-18 16:30:38 Post No.56664223
[Report]
Anonymous 2016-09-18 16:30:38 Post No.56664223 [Report]
>>56664198
You are gonna regret that kiddo
>>
Anonymous 2016-09-18 16:31:55 Post No.56664242
[Report]
Anonymous 2016-09-18 16:31:55 Post No.56664242 [Report]
lmao nerd faggots
just chmod -R 777 /
poof all problems gone
>>
Anonymous 2016-09-18 17:02:42 Post No.56664641
[Report] Image search: [Google]
Anonymous 2016-09-18 17:02:42 Post No.56664641 [Report]
File: 9ff.png (286KB, 600x584px) Image search: [Google]
9ff.png
286KB, 600x584px
>>56664242
Thread posts: 9
Thread images: 2
[Boards: 3 / a / aco / adv / an / asp / b / bant / biz / c / can / cgl / ck / cm / co / cock / d / diy / e / fa / fap / fit / fitlit / g / gd / gif / h / hc / his / hm / hr / i / ic / int / jp / k / lgbt / lit / m / mlp / mlpol / mo / mtv / mu / n / news / o / out / outsoc / p / po / pol / qa / qst / r / r9k / s / s4s / sci / soc / sp / spa / t / tg / toy / trash / trv / tv / u / v / vg / vint / vip / vp / vr / w / wg / wsg / wsr / x / y] [Search | Top | Home]

I'm aware that Imgur.com will stop allowing adult images since 15th of May. I'm taking actions to backup as much data as possible.
Read more on this topic here - https://archived.moe/talk/thread/1694/


If you need a post removed click on it's [Report] button and follow the instruction.
DMCA Content Takedown via dmca.com
All images are hosted on imgur.com.
If you like this website please support us by donating with Bitcoins at 16mKtbZiwW52BLkibtCr8jUg2KVUMTxVQ5
All trademarks and copyrights on this page are owned by their respective parties.
Images uploaded are the responsibility of the Poster. Comments are owned by the Poster.
This is a 4chan archive - all of the content originated from that site.
This means that RandomArchive shows their content, archived.
If you need information for a Poster - contact them.