Hi All.

I have just gone through a distressing time with my hosting company.

I design and host web sites for a number of companies around the United Kingdom. I, like most people rent web space from a hosting company.

Last week one of the sites that I designed and host was hacked by someone
who uploaded some files and truned my site into a PHISHING site.

My hosting company lock all access to my rented area, and so they should have.

My question is what directory and files rights should I be setting on the web server.

What I have at present is.

Root access:- all rights.

Directories

Owner:- rwx
Group:- r x
Public:- r x

Files

Owner:- rwx
Group:- r x
Public:- r x

I have had no problems in the past but the past is the past, I am I settingthe correct rights.

Any help or advice would be good.

Kind regards

Dereck

I'd remove all Group and Public permissions. The user running the web server only needs read access except for the log directory.

Of course the other aspect of the situation is the person that altered your site may have gained access in a way totally unrelated to your account or sites.

Hi and thanks for your reply,

If I remove the permissions for Group and Public no one can read the
site in thier browsers.

Anymore ideas?

Many thanks

Dereck

If I remove the permissions for Group and Public no one can read the
site in thier browsers.That's not the way it should work. The only user that should need read permissions to the doc tree is the web server user. If the hosting service has it set up any other way then THEY are the ones at fault for your site being defaced.