I had a security breach on my account over at Dreamhost, probably through the timthumb.php vulnerability on a *ahem* Wordpress site. Anyway, it’s been fixed and things have been cleaned up. I was wondering if having permissions set to 755 is ok, instead of 777 for the directories below. In an effort to secure my account, Dreamhost did a scan and found 777 permissions on these and said the following:
777 is not necessary on our hosting setup. Your CMS will run perfectly fine set to 755 here.
Does that sound ok and can anyone confirm that? Here are the directories:
/images/captchas
/images/avatars
/images/avatars/uploads
/images/uploads
/images/signature_attachments
/images/pm_attachments
/images/member_photos
/system/expressionengine/cache
/system/expressionengine/cache/twitter_timeline_cache
/system/expressionengine/cache/ee_version
/system/expressionengine/templates/default_site/includes.group
/system/expressionengine/templates/default_site/in-the-news.group