XF 1.5 Security Alert from My Hosting Service


Active member
I just received a security alert from my hosting service. It says the 'internal_data' and 'data' directories had insecure permissions (777), which have been remediated. When I logged into my FTP account and checked the folders, I found they had been reset to 755.

The XF installation guide says both of those directories must be set at 0777. I just talked to a support rep for my hosting service who told me 777 is generally not safe, and that I will likely receive additional security alerts if I keep those permissions.

What should I do?
The specific requirement varies based on how your hosting works. 0777 is just a value that works more generally. I assume that if they're preventing 0777, that they have a setup that allows the web server/PHP user to write in those directories, so it should be fine. You can test by uploading an attachment to a thread or changing your avatar.
Top Bottom