777 Perms and my hosts
I'm looking for some knowledge to help me better deal with a hosting company I'm with.
The story so far,
I host sites with two different companies, one large congolmarate shared hosting company, and on an admin/friends server with only five or ten other sites.
On the small admin-friend hosted sites, I have never, had a secuirty issue. I run gallery, a couple of blogs using different apps. Nothing different than on the shared hosting service. I've been advised by the admin of this server that directories with 777 perms are okay.
On the shared hosing service, I have a few 777 directories. 777 because files are uploaded via the ftp user, then modified by the web user.
The first secuirty isssue, files showed up in the 777 directory that I didn't put there.
The second security issue, config.php of the gallery installation was modified with an inline frame pointing to some other site. I know this is my fault for not changing the perms to 755 or more restrictive.
So I have two questions,
Are 777 directories safe?
Are shared hosting companies often prone to exploits?
