The minimum permissions you can give are related to the exact setup of the server.
In an ideal situation, you could just set everything 700 and forget it; however, the sheer majority of ISPs do *NOT* run CGIs as you, they run them as user nobody. That's why we ask that certain files be set up as 777. Files owned by you but accessed by nobody set to less than 666 would not be (reliably) usable. Nobody is a real pain. You can quote me on that.
Please, PLEASE do not change permissions on ANYTHING until you ask their host if they are running CGIWrap, suExec, or a similar CGI wrapper to ensure CGI scripts run as a user rather than nobody.
Also a little reminder - we cannot officially support a board that's not using the permission settings we set forth in the installation instructions. If something goes wrong at your board, you may have to reset permissions on your files...
As for the hacking - three months ago, the UBB contained a nasty security hole that would have allowed something like what you describe. Current UBB versions don't contain the hole.
------------------
Charles Capps,
Moderator, Post-Install Troubleshooting

PLEASE NOTE: Due to time limitations, I do not provide UBB support via email.
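Added example, not part of the original post and not UBB code: a Python audit of the rule described in the post above, flagging group/other bits as excess when CGI scripts run as the file owner (CGIWrap, suExec) and flagging entries below 666 (777 for directories) as unusable when they run as a different user such as nobody. The function names and the sample file names are made up for illustration, and it assumes every entry under the directory must be read and written by the CGI and that the CGI user is not in the file's group.

```python
import os
import stat
import tempfile


def classify(mode, owner_uid, cgi_uid):
    """Judge one entry from its mode bits alone: 'ok', 'excess' or 'unusable'."""
    perms = stat.S_IMODE(mode)
    if cgi_uid == owner_uid:
        # A wrapper (CGIWrap, suExec) runs scripts as the owner, so any
        # group/other bit is more access than the scripts need.
        return "excess" if perms & 0o077 else "ok"
    # No wrapper: the CGI user (e.g. nobody) is matched by the "other" bits.
    # Assumption: it is not a member of the file's group.
    need = 0o007 if stat.S_ISDIR(mode) else 0o006
    return "ok" if (perms & need) == need else "unusable"


def audit(root, cgi_uid):
    """Walk root and return {relative path: (octal mode, finding)} for non-ok entries."""
    findings = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            finding = classify(st.st_mode, st.st_uid, cgi_uid)
            if finding != "ok":
                rel = os.path.relpath(path, root)
                findings[rel] = (oct(stat.S_IMODE(st.st_mode)), finding)
    return findings


def build_sample_tree():
    """Constructed sample data directory; the names are made up for the demo."""
    root = tempfile.mkdtemp()
    for name, mode in (("forum.dat", 0o666), ("private.dat", 0o600)):
        path = os.path.join(root, name)
        open(path, "w").close()
        os.chmod(path, mode)
    os.mkdir(os.path.join(root, "data"))
    os.chmod(os.path.join(root, "data"), 0o777)
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    owner = os.stat(root).st_uid
    print("wrapper (CGI runs as owner):", audit(root, owner))
    print("no wrapper (CGI runs as another uid):", audit(root, owner + 1))
```

The uid the CGI actually runs as has to come from the host, as the post says; the audit only reads mode bits and changes nothing.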