1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

XF 1.5 Security Alert from My Hosting Service

Discussion in 'Troubleshooting and Problems' started by Matthew Hutchinson, Jun 24, 2016.

  1. I just received a security alert from my hosting service. It says the 'internal_data' and 'data' directories had insecure permissions (777), which have been remediated. When I logged into my FTP account and checked the folders, I found they had been reset to 755.

    The XF installation guide says both of those directories must be set at 0777. I just talked to a support rep for my hosting service who told me 777 is generally not safe, and that I will likely receive additional security alerts if I keep those permissions.

    What should I do?
     
  2. Mike

    Mike XenForo Developer Staff Member

    The specific requirement varies based on how your hosting works. 0777 is just a value that works more generally. I assume that if they're preventing 0777, that they have a setup that allows the web server/PHP user to write in those directories, so it should be fine. You can test by uploading an attachment to a thread or changing your avatar.
     
  3. So I should be ok with 755?
     
  4. Mike

    Mike XenForo Developer Staff Member

    Provided the functions I mentioned work as expected, yes.
     
  5. Just tested both functions with permissions set on 755, and they worked. Thanks!
     

Share This Page