Security flaws
When we go to each app and "reset permissions" it gives www-data group full permissions to edit/create files. It's a security leak. Our server got hacked and all sites on server got exposed. If it's not taken care of, I have to post this at various places on social media that avoid using cloudways as this can expose your clients to risk.
Amit Aggarwal
shared this idea
Hi Amit,
The reset permissions button has nothing to do with the fact that your site may have been hacked. It simply sets the permissions to the default that Cloudways advises for content under the public_html folder (that is 775 for folders and 664 for files). This is the default too when installing a new application. Permissions are like this to allow different team members to work on the same application (team members userids are all part of the same group). This by itself does not constitute any flaw nor security issue and will not imply the server will be hacked. Application/server will be hacked if it is not updated, it uses old/insecure plugins …
Cloudways Team
1 comment
-
AdminCloudways
(Admin, Cloudways)
commented
Hi Amit,
The reset permissions button has nothing to do with the fact that your site may have been hacked. It simply sets the permissions to the default that Cloudways advises for content under the public_html folder (that is 775 for folders and 664 for files). This is the default too when installing a new application. Permissions are like this to allow different team members to work on the same application (team members userids are all part of the same group). This by itself does not constitute any flaw nor security issue and will not imply the server will be hacked. Application/server will be hacked if it is not updated, it uses old/insecure plugins ...
Cloudways Team