1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

data / internal_data directories

Discussion in 'XenForo Questions and Support' started by trilogy33, Mar 2, 2011.

  1. trilogy33

    trilogy33 Well-Known Member

    This is weird, I've just noticed that my data and internal_data dirs have changed to 755

    Quickly, they should be 777 correct?
  2. Brogan

    Brogan XenForo Moderator Staff Member

    Yes, 777.

    Including all subdirectories.
  3. trilogy33

    trilogy33 Well-Known Member

    Thanks for the speedy reply Brogan :)
  4. Mr. Wah

    Mr. Wah Member

    Just thought I'd bump this thread, as apparently someone found these folders and posted malicious code in the folders as it was set to 777. What's the purpose of these folders? Should all the files be 777 as well? or is 755 alright?
  5. Jake Bunce

    Jake Bunce XenForo Moderator Staff Member

    Those directories store avatars and attachments, and sometimes temporary data.

    Those directories need to be writable. 777 is fully writable. On some servers you can get away with fewer permissions. It depends on how PHP is installed. On my server I can get away with 755.

    It sounds like your server may have been compromised.
    Fuhrmann likes this.
  6. Floris

    Floris Guest

    Good luck proving it was through xenforo that data was written to those directories.
    They have .htaccess file inside them as well.

    The data is publicly readable, as called within the xenforo app.

    If anything is written to it, it's done through another piece of code and called within it.

Share This Page