A directory or file that is set to 777 can be written by anybody. So hacker can exploit 777 directory easily, inserting code and even files into your server and then use that file or code to affect more files on your server and place backdoor.
A 777 directory should be used very carefully and should be avoided. It is most often used when there are images that need to be uploaded or any file types that can not be executed.
Any executable script (php, phtml and html files included) should NEVER, ever be set to 777. This allows hackers to access them, change their lines of code in specific cases, and destroy your server. So any script or code that is set to permission 777 is dangerous. And any directory set to 777 that has such files in it is dangerous.
It is easy to spot files and find directories with permission 777 with SSH access using command:
find . -perm 777 -name "*.*"
The command will return all files and directories that have 777 permission. It runs recursively from your current directory, and in case of a lot of files, it may take the server a while to list the files.
A lot of shared hosts does not allow SSH access therefore webmaster need a PHP SCRIPT file that can be uploaded & opened in browser address bar.
PHP code which searches for files and folders with 777 permissions.
The script allows to specify the directory and permission type. Just copy and paste the bellow code to the file named "find777.php", upload it via FTP client to your base directory and open it in your browser:
http://yoursite.tld/find777.php
<?php
echo '<html><form action="find777.php" method="post">Scanning dir: <input value="'.getcwd().'" type="text" name="dir"><br>Permissions: <input value="0777" type="text" name="perm"><br><input type="submit"></form><br>';
if (isset($_POST["dir"])&&$_POST["dir"]!=''&&$_POST["perm"]&&$_POST["perm"]!=''){
$results=getDirContents($_POST["dir"]);
foreach ($results as &$value){
echo $value."<br>";
}
}
function getDirContents($dir, &$results = array()){
$files = scandir($dir);
foreach($files as $key => $value){
$path = realpath($dir.DIRECTORY_SEPARATOR.$value);
if(!is_dir($path)) {
$debug=substr(sprintf('%o', fileperms($path)), -4);
if (substr(sprintf('%o', fileperms($path)), -4)==$_POST["perm"]){
$results[] = $path;
}
} else if($value != "." && $value != "..") {
getDirContents($path, $results);
if (substr(sprintf('%o', fileperms($path)), -4)==$_POST["perm"]){
$results[] = $path;
}
}
}
return $results;
}
?>
The PHP permissions searcher utility script screenshot:
LightInTheBox.com is an international online store based in China. The site provides cheap and reliable items (mainly produced in China) to both individual and company consumers. They sell a total of more than 60,000 kinds of commodities covering 14 categories of products including clothing, electronics, toys, jewelry, household and sporting items. LightInTheBox already hashundreds of millions ofregistered users from all over the world and delivers products to consumers in over 200 countries and territories.LightInTheBox was listed in New York Stock Exchange (NYSE) in 2013. The site has outstanding service, fast delivery and high quality products. It is a trustworthy online store from China.
Banggood.com was established in 2004, specializing in foreign trade e-commerce for almost everything you need. Based in Guangzhou, Banggood is dedicated to offering low price, high quality itmes to international customers. The site offers a wide range of itmes including: apple accessories, cell phones, electronics, toys, clothing and jewelry. Banggood features faster delivery service, and they make sure all items go through quality testing before being shipped.
Beijing-based En.jd.com is one of the largest B2C e-commerce platforms from China. The site is owned by JD.com, China's second largest online retailer. It provides about 40.2 million authentic products across 13 categories including computers, cell phones, home appliances, cosmetics, clothing and shoes, watches and jewelry. Its competitive prices and speedy & reliable delivery service guarantee you a fantastic shopping experience. Its delivery service can reach more than 35 countries and regions including such as America, Canada, France, Germany, Australia and Southeast Asia.
Chinavasion.com is an ecommerce-only wholesaler selling all kinds of hi-tech gadgets and electronics products from China. The company is based in Shenzhen, a main electronics manufacturing center, where you can find top factories that make Apple, Samsung, Sony, HTC and other branded electronic products. That`s why Chinavasion can offer competitive prices for the same items. The site boasts more than 360,000 registered buyers, delivering to almost every country and regions worldwide.
Everbuying.com is a leading online wholesale platform from China specializing in electronic devices and fashion products. They offer a wide collection of high-quality products including latest cell phones, tablets, car DVD players, wedding dresses and sports equipment – all at the most competitive factory-direct wholesale prices. There are two important benefits on Everbuying, all customers enjoy “Free Shipping Worldwide” and“30 Days Money Back.”
MadeInChina.com is an online B2B e-commerce platform connecting “China Suppliers” with global purchasers. Its online store provides affordable and reliable items including home décor, personal accessories, electronic gadgets and kitchen appliances, home household appliances and more. The site features FREE SHIPPING WORLDWIDE.
Founded in 1996, Made-in-China.com is a leading B2B electronic business portal based in China. The site offers the most complete and latest information on Chinese products and suppliers. Just like its slogan says “Connecting Buyers with China Suppliers,” Made-in-China do a good job of linking two sides.
DHgate.com is one of China’s oldest and biggest B2B online marketplaces for items produced in China. The platform mainly connects small and medium suppliers with buyers overseas; users can order Chinese produced goods directly through the site.
Located in Beijing, TradeTang.com is a fast growing e-commerce portal in China. It is a global B2B wholesale platform that offers products in bulk straightly from factories, which means the lowest prices and fast delivery.