Page 1 of 1

My host flagged the cache folder as a security risk?

Posted: Thu Sep 01, 2016 12:21 pm
by dpaanlka
I installed a brand new, clean 3.1.2 board last week. Today I got the following message from my host (DreamHost):
Unfortunately, we found some potential indications that your website(s) *may* be compromised.

The following files/directories had insecure permissions (777), which
have been remediated.

/info-mac.org/cache
Later I spoke with support and they said the cache directory permissions were the only problem identified by their automated system. The directory's permissions are now 755. I looked around a little bit on the server and don't see anything else that is 777. Visiting my board, it also seems to be unaffected.

My question is, does this look like anything I should be alarmed about? What are the default permissions for cache/ supposed to be?

Thanks!

Re: My host flagged the cache folder as a security risk?

Posted: Thu Sep 01, 2016 12:33 pm
by JimA
No, having cache (amongst some other folders) at 777 is normal and a requirement for running phpBB.
Have a read of this article and direct your host to it if necessary: KB - phpBB3 Chmod Permissions

Re: My host flagged the cache folder as a security risk?

Posted: Thu Sep 01, 2016 1:09 pm
by dpaanlka
Thank you so much for your quick response. I will pass this information along to them.

Re: My host flagged the cache folder as a security risk?

Posted: Thu Sep 01, 2016 1:16 pm
by Brf
JimA wrote:No, having cache (amongst some other folders) at 777 is normal and a requirement for running phpBB.
Actually, 755 should work fine if the Anonymous Internet user is the owner of the folders that are normally set to 777. That should be something your host can arrange if they are concerned with the 777 permissions.