I've just been starting to use the Gallery feature of Couch and I got a notice from my ISP saying that they've scanned my account and found "potential security threats" and indications that my site "may" be compromised. Here's their reasons:
They've been changed to 755 for folders and 644 for the files and everything appears to still work ok. Why are these created with executable permissions for all?
The following files/directories had insecure permissions (777), which
have been remediated.
/home/xxxxxx.com/couch/uploads/image/gallery
/home/xxxxxx.com/couch/uploads/tmp
/home/xxxxxx.com/couch/uploads/image/gallery/dsc00052.JPG
/home/xxxxxx.com/couch/uploads/image/gallery/dsc00051.JPG
They've been changed to 755 for folders and 644 for the files and everything appears to still work ok. Why are these created with executable permissions for all?