777 files and directories are dangerous:
A directory or file that is set to 777 can be written by anybody. So hacker can exploit 777 directory easily, inserting code and even files into your server and then use that file or code to affect more files on your server and place backdoor.
A 777 directory should be used very carefully and should be avoided. It is most often used when there are images that need to be uploaded or any file types that can not be executed.
Any executable script (php, phtml and html files included) should NEVER, ever be set to 777. This allows hackers to access them, change their lines of code in specific cases, and destroy your server. So any script or code that is set to permission 777 is dangerous. And any directory set to 777 that has such files in it is dangerous.
It is easy to spot files and find directories with permission 777 with SSH access using command:
find . -perm 777 -name "*.*"
The command will return all files and directories that have 777 permission. It runs recursively from your current directory, and in case of a lot of files, it may take the server a while to list the files.
A lot of shared hosts does not allow SSH access therefore webmaster need a PHP SCRIPT file that can be uploaded & opened in browser address bar.
PHP code which searches for files and folders with 777 permissions.
The script allows to specify the directory and permission type. Just copy and paste the bellow code to the file named "find777.php", upload it via FTP client to your base directory and open it in your browser:
http://yoursite.tld/find777.php
<?php
echo '<html><form action="find777.php" method="post">Scanning dir: <input value="'.getcwd().'" type="text" name="dir"><br>Permissions: <input value="0777" type="text" name="perm"><br><input type="submit"></form><br>';
if (isset($_POST["dir"])&&$_POST["dir"]!=''&&$_POST["perm"]&&$_POST["perm"]!=''){
$results=getDirContents($_POST["dir"]);
foreach ($results as &$value){
echo $value."<br>";
}
}
function getDirContents($dir, &$results = array()){
$files = scandir($dir);
foreach($files as $key => $value){
$path = realpath($dir.DIRECTORY_SEPARATOR.$value);
if(!is_dir($path)) {
$debug=substr(sprintf('%o', fileperms($path)), -4);
if (substr(sprintf('%o', fileperms($path)), -4)==$_POST["perm"]){
$results[] = $path;
}
} else if($value != "." && $value != "..") {
getDirContents($path, $results);
if (substr(sprintf('%o', fileperms($path)), -4)==$_POST["perm"]){
$results[] = $path;
}
}
}
return $results;
}
?>
The PHP permissions searcher utility script screenshot:
PHP Script scans and outputs all files and folders with 777 permisions.