I am going to try to keep all my folders away from 777 for now. Just until I can figure it all out.

Assuming your host is indeed doing something special, it is probably doing php-sudo which means that your PHP scripts run as you, and the other user’s PHP scripts are running as those other users. However, php has to run as A user, and ANY user can write to a 777 folder. So, even if your host is going above and beyond the norm by deploying php-sudo, 777 still defeats it.

Am I making sense?

Bart.

I guess I just don’t understand how one vulnerability can affect other users being “walls” so to speak.

Do you need to have sudo abilities to do that?

Sorry for so many questions, but I am really blind when it comes to stuff like this!

I will email you as well! Thanks Bart!

So sorry to hear you got hacked I’m also delighted the damage seems to have been light.

You say it was in a 777 folder, are you on shared hosting? If so, any other user of that server could have done it. Or, a hacker hacking any account on that server could have also taken you out. On shared hosting 777 is so so dangerous. It forces you to trust all your fellow server-sharers.

I’m going to take back what I said earlier – if you’re on shared hosting there clearly are benefits to some of these security plugins. Bear in mind though – the attacker could have read your DB details straight out of config.php (they had file-system access since they created files) and used that to disable your plugin. I guess they were thankfully too dumb to do that this time.

There’s a lot to be said for dedicated or virtual dedicated hosting.

Bart.