777 permission files and folders hacked

[trap]

Dear all

We have several osCMax sites all with the current security patches etc however there seems to be a problem with hackers exploiting any file or folder with 777 permission.

They then place 3 files via a script which you can usually tell by the timestamp however they are not always named the same: eg guest.php. include.php and always .htaccess can be found in images folder (because of the 777 permission) The script then searches through 777 files and injects some code so that when your site loads it calls the other files it has placed on server. You may or may not even notice your site has been hacked until you physically look at the files.

It does this in EVERY world writeable directory and file it can find on the site eg mainfile.php ,/tmp folder, /cache folder /temp folder. All of these files are required to run OsCmax correctly as I understand.

My Question is this. Will these files / folder or osCMax in general work correctly if the 777 permission is changed to 755 permission allowing image uploads and EP etc to work correctly.

Look forward to your response.

Kind Regards
Trap

[deviantla]

After install I changed all my permissions back (folders to 755 & files to 644). Everything works fine for me.