避免黑客使用CHMOD为777的文件夹 [英] Avoid hacking with folder has CHMOD is 777

问题描述

我们的网站被黑了，原因是该文件夹具有777权限，这意味着人们可以在那里上传文件并远程运行脚本.但是，该文件夹必须为777，因为该站点具有客户端功能来裁剪图像，并且需要在其中保存裁剪后的图像.

Our website was hacked due the fact a folder had 777 permissions which means people can upload files there and run scripts remotely. However, the folder needs to be 777 as the site got a client feature to crop images, and need to save the cropped images there.

如何保护此文件夹并防止被黑客入侵?

How can I secure this folder and prevent hacking?

请告诉我该怎么做?非常感谢！

Please show me how to do this? Thanks a lot!

推荐答案

CHMOD 777本质上是不安全的.它仅用于暂时避免在安装脚本时出现问题.安装脚本后，将其修改为类似755的格式.要保护它的安全，您必须将访问权限更改为完全打开以外的其他权限.

CHMOD 777 is inherently unsafe. It's only used to temporarily avoid issues when installing scripts. After installing scripts, you CHMOD it back to something like 755. To secure it, you will have to change the access to something other than wide open.

要让用户裁剪图像，我建议使用常规的JavaScript裁剪器，例如 Jcrop

To have a user crop an image I would recommend a conventional javascript cropper like Jcrop

这篇关于避免黑客使用CHMOD为777的文件夹的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！