I'm a hapless newbie front end dev who has inherited a tangled nightmare of a website that has been cowboy coded for several years. The web host found an infected PHP file which has been removed and so I've been asked to look into security and to "go through the folders and ensure that none have overly generous permissions". The only experience I have with this is a month long process of destroying my local apache permissions on my linux laptop so I'm quite hesitant to mess with this. Forgive me if this question is not specific enough but unfortunately I'm so out of my league that I dont even know what to ask google so I am hoping some of you can either . . .
1 ) provide me with a checklist of things to look for regarding folder permission security
2 ) point me to an article or phrase that will help me do more precise research
3 ) point me to a tool that scans this for me
or
4 ) tell me I'm in over my head and that I'm not going to be able to ensure that our site is secure with a couple days of googling
Thanks!
