read-write-execute

Hi, I’m Martin, and I’m tired of manuals & guides re­com­men­ding “chmod 777” and other real­ly bad sec­urity practices.
  • What you should do instead of chmod 777
  • ask me anything
  • submit a post
  • rss
  • archive

  • WHMCS

    Installing WHMCS, lists a bunch of fails:

    Distrubuted in a ZIP file, ZIP files do not store any file permissions.

    Recommends a permission of 777 on several critical locations: configuration.php, attachments/, downloads/, templates/.

    The security steps page casually repeats the 777 mistake, it then goes on to recommend to put these world-writable directories outside the webservers’s document root. This will almost never protect these directories from tampering.
    Curiously, this page also mentions: You cannot set folder or file permissions to be 777 when running suphp or phpsuexec - the highest permissions are 755 for both folders and files.

    • 4 months ago
    • #security
    • #permissions

  • Hello, world

    echo 'Hello, world' > /dev/tumblr

    • 4 months ago