Thread

One of my sites on a shared hosting environment was recently defaced. The CI apps i had on the server seemed to hold up pretty well against intrusion except one where i was using simplepie and a cache folder with permissions set to 777.

It looks like the intruders were able to gain access to the shared server then just went thru and looked for any files or folders in all accounts on the server with permissions set to 777 and then had all sorts of fun in those areas.

So, does anybody know how to get simplepie to work without having a cache folder set to 777? As every time i set the cache folder to anything other than 777 i get i nice warning appearing at the top of my pages:

Severity: User Warning
Message: /home/mysite/public_html/application/cache/e126761e8ae74b6192cbf9ea2b46b1eb.spc is not writeable
Filename: libraries/simplepie.php
Line Number: 1773

Hmmm… the fact that it’s shared hosting might be a problem.

If it were your server, I would suggest to try setting ownership on the folders you want writeable but protected to the apache user, then chmod’ing those folders to 775 or 755.

Yeah, I think you’re right. I tried a number of different permission settings and it would always throw an error about the cache file not being writable if it was not set to 777. So, my choices seem to be limited in a shared-hosting envirment.

Another way is you could set a new more hidden cache folder, then use .htaccess to stop anyone accessing it, this would work in a shared environment, but is still not 100% secure. If you did this i would recommend that simple pie only used that cache folder and no other part of the app linked or touched it.