I have received the email copied below from hosting company, Easyspace, about permissions and security. I have had this message once before and did change the permissions on the world and group but found that none of the images were visible on the site anymore. So I reset them and have just had the warning again. Does anyone have suggestions for what permissions I should set that will allow the site to still run, please?
please treat this matter as a priority. If you
have no web development experience yourself, we
recommend that you contact the agency that built
your website. They or another web developer will
be able to make these changes for you and test
your site for resilience.
Domain Name: *******************
As part of your service, Easyspace regularly scans
our webservers for potential threats and security
concerns. Unfortunately in our most recent scan,
we have identified some files and folders which
have permissions set which could pose a security
risk to your website, including but not limited to
It could be that things have been set this way on
purpose, quite often software vendors require that
777 or 775 permissions are setup on particular
folders in order for the software install to
function correctly. Examples of software which
require this are; Actinic shops; CMS like Xoops,
Mambo / Joomla and Wordpress; file upload scripts'
message boards like phpBB and guest books.
We have recently implemented security changes
which now mean that all scripts, CGI, PHP etc.
hosted on these systems no longer need these
additional permissions. All of your scripts should
run just fine with the default permissions when
you upload them.
When files are uploaded to the webspace via an ftp
client, the permissions will no longer need to be
changed from the default 644 for your applications
to work. Further to this however, sometimes the
application may create a session cookie with 777
or 775 permissions, we would ask that you either
alter the application code to prevent the files
being created with these permissions or move the
content out of the web accessible space. You may
wish to contact your web developer or application
provider for help with this.
We have identified the following files / folders
within your webspace which are set to World and
Group-Writeable and would ask that you update the
permissions on these files appropriately:
Usually you can recursively change the permissions
on a folder via your ftp client, this will allow
the files within the folder to inherit the folder
permissions preventing you from having to manually
alter the permissions for every individual file.
Please treat this matter as a priority, If you
have any further questions we would ask that you
please raise a ticket in your Support Area at
http://support.easyspace.com or alternatively
contact our Support Team on 0870 755 5066 for
Please note this email address does not not
respond to replies.
Easyspace Customer Support