Hi all,
My client has up until now been managing his own dedicated server and as a result, it has been hacked on a number of occations.
This was originally on a Ubuntu box running Matrix.
Now he’s purchased another one to move everything across to (not sure why but it’s his money) and I need to lock it down big time.
His initial problem was that the majority of his scripts were cut and paste and he also gave the folders full 777 access.
So my first step. Try and stop the images/uploads folders from having any execute permissions (i.e. php, asp, asp.net etc.)
Is this possible? The plesk user accounts are rather confusing as apparently the iusr_{domain} account controls php and when I denied execution permissions it still parsed a php file.
Any idea’s would be appreciated.
Regards
Gavin