Hello!
Today my gallery was hacked. I have version 1.7.1 with all security patches.
I removed all the files and everyting is working just fine.
My host changed the following:
Data chmod 777 - changed to chmod 755
Files in Data chmod 666 - changed to chmod 644
Templates chmod 777 - changed to chmod 755
Files in Templates/Default chmod 666 - changed to 644
etc.
My host say that this is much safer. I have tryed to upload and send ecards after these
changes and it works. How can this be? In the installation instructions it says clearly that
the following is important:
chmod 777 (drwxrwxrwx) : data
chmod 777 : data/database
chmod 777 : data/media
chmod 777 : data/thumbnails
chmod 777 : data/tmp_media
chmod 777 : data/tmp_thumbnails
chmod 777 : templates
chmod 777 : templates/default
chmod 777 : templates/default/media
chmod 666 : all files in the directory "templates/default"
chmod 666 : all files in the directory "templates/default/media"
My question is: How is it possible that my site works with the new chmod settings?
And one last thing. My host also said that he has shut down "registrar_globals" on my account.
I have no idea what that is...
Best Regards,
teizus