One import aspect of security is directory permissions. Weaknesses in this areas can result in hosting accounts being suspended and clients accessing legitimate websites being exposted to phishing attacks.

One common attack method involves criminals planting fraudulent website content in legitimate accounts with improperly configured directory permissions. First, automated hacking tools can scan for websites with open directory permissions (public write permissions to be specific). Then the crimimnals will upload fake websites to those directories and reference those fake websites in spam email. Unwitting recipients of those emails will be redirected to the fake websites where they will be prompted to enter account information as part of a login process. This account information can then be used to access the real accounts.

To combat this particular weakness, ensure that NO directories have public write permissions.

Add to Favourites

Print this Article