File copy issue help!
I have folders on a site which is 777. It is used to upload files using web form and files are stored in it. But due to 777 someone is using the folder to upload phishing pages. Due to which i am getting notices from my host again and again.
I tried to change permission so that public cannot write but then the php won't upload the file and gives error.
What to do ? Help me!
I don't really think this is a permissions issue, is sounds like it's more of a form validation and filtering issue.
You need to ensure that the files that can be uploaded are what you expect, and from who you expect.
Additionally, store the uploads in a folder inaccessible to the public, this way no-one but you can execute/view/use them.
You would probably do yourself some good by reading this
But like SilverBulletUK said, this problem is primarily because you do not have adequate validation in place for the way you allow these uploaded things to be used. Allowing uploads and maintaining security is not often a trivial task.
I have seen in some scripts that they are able to write to server without 777 how they do it ?
It depends on which user the php program runs as, but you never need 777 to write. Consider studying unix filesystem permissions.