• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

data / internal_data directories

trilogy33

Well-known member
#1
This is weird, I've just noticed that my data and internal_data dirs have changed to 755

Quickly, they should be 777 correct?
 
#4
Just thought I'd bump this thread, as apparently someone found these folders and posted malicious code in the folders as it was set to 777. What's the purpose of these folders? Should all the files be 777 as well? or is 755 alright?
 

Jake Bunce

XenForo moderator
Staff member
#5
Just thought I'd bump this thread, as apparently someone found these folders and posted malicious code in the folders as it was set to 777. What's the purpose of these folders? Should all the files be 777 as well? or is 755 alright?
Those directories store avatars and attachments, and sometimes temporary data.

Those directories need to be writable. 777 is fully writable. On some servers you can get away with fewer permissions. It depends on how PHP is installed. On my server I can get away with 755.

It sounds like your server may have been compromised.
 
F

Floris

Guest
#6
Good luck proving it was through xenforo that data was written to those directories.
They have .htaccess file inside them as well.

The data is publicly readable, as called within the xenforo app.

If anything is written to it, it's done through another piece of code and called within it.