1

I know it is, but I made the mistake anyway while troubleshooting something and forgot to reset it to 755. That being said, I don't really understand HOW someone would hack a website. I understand hacking SSH / FTP, but a webserver seems different to me.

Does the vulnerability lie in the site coding such as a Wordpress flaw? Assuming I told you that http://somedomain.com/ was 777 but there were no files on it, could you hack it? If there was a basic index.php, or do you have to have a form that they can inject code into?

Is there software like Chrome Postman that lets you write to the server if you know the directory is writeable as if it were FTP?

I haven't spent much time thinking about HOW a site gets hacked, I just clean up the mess afterwards every few years which got me a little curious.

Jonathan Leffler
  • 730,956
  • 141
  • 904
  • 1,278
Alan
  • 2,046
  • 2
  • 20
  • 43
  • 1
    **Related**: http://stackoverflow.com/questions/11271596/how-will-a-server-become-vulnerable-with-chmod-777 – Script47 Aug 19 '16 at 16:07
  • **Related**: http://stackoverflow.com/questions/8115159/can-people-write-a-php-file-to-my-chmod-777-folder – BadHorsie Aug 19 '16 at 16:11
  • The short answer is: Hackers can exploit software vulnerabilities to gain limited or unlimited access to a system. If the access they gain is unlimited then it doesn't matter, but if they only can gain limited access then some OS safety mechanisms can still kick in and protect parts of the system, e.g. file permissions can prevent access to files containing OS settings etc. – apokryfos Aug 19 '16 at 16:18
  • It's the difference between you knowing there's a key hidden in the rock beside the door, and your neighbor knowing there's a key hidden in the rock in the door, and you putting a sign on the door saying "key in rock over --> there". – Marc B Aug 19 '16 at 16:24

0 Answers0