Yes, 3 questions in a row... sorry bout that. Hopefully after this you won't even see me again 
The second step of the install is:
2. CHMOD the following folders to 0777
/dbtech/thanks/vbactivity_type
This leaves me some concern about leaving a folder with 777 open. That can just leave us open to attacks. Is this only on install and I can set it back afterwards? OR, if not, is there an optional .htaccess file that I can install to protect the folder from any new files being added that aren't part of the install? For other image folders that have had to have 777 access, I've used the following modification to the .htaccess file.
BUT, if I use that code it won't execute your PHP files. Is there a specific .htaccess file that you could provide to enable an enhanced security on that folder? I looked around on the forum already and didn't see it. Thanks!
The second step of the install is:
2. CHMOD the following folders to 0777
/dbtech/thanks/vbactivity_type
This leaves me some concern about leaving a folder with 777 open. That can just leave us open to attacks. Is this only on install and I can set it back afterwards? OR, if not, is there an optional .htaccess file that I can install to protect the folder from any new files being added that aren't part of the install? For other image folders that have had to have 777 access, I've used the following modification to the .htaccess file.
Code:
01 # Don't list directory contents
02 IndexIgnore *
03 # Disable script execution
04 AddHandler cgi-script .php .php2 .php3 .php4 .php5 .php6 .php7 .php8 .pl .py .js .jsp .asp .htm .html .shtml .sh .cgi
05 Options -ExecCGI -Indexes
06
07 # Only allow access to this directory if they are coming from your domain; excluding you, your server, Google and any other IPs
08 RewriteEngine On
09 RewriteCond %{REMOTE_ADDR} !^(xxx\.xxx\.xxx\.xxx|xxx\.xxx\xxx\.xxx|66\.249\.)
10 RewriteCond %{HTTP_HOST} !^(127\.0\.0\.0|localhost) [NC]
11 RewriteCond %{HTTP_REFERER} !^https?://(.+\.)?yourdomain\.com/ [NC]
12 RewriteRule .* http://yourdomain.com/ [L]
13
14 # Secure php.ini and .htaccess
15 RewriteRule ^(php\.ini|\.htaccess) - [NC,F]
16
17 # Block shell uploaders, htshells, and other baddies
18 RewriteCond %{REQUEST_URI} ((php|my|bypass)?shell|remview.*|phpremoteview.*|sshphp.*|pcom|nstview.*|c99|c100|r57|webadmin.*|phpget.*|phpwriter.*|fileditor.*|locus7.*|storm7.*)\.(p?s?x?htm?l?|txt|aspx?|cfml?|cgi|pl|php[3-9]{0,1}|jsp?|sql|xml) [NC,OR]
19 RewriteCond %{REQUEST_URI} (\.exe|\.php\?act=|\.tar|_vti|afilter=|algeria\.php|chbd|chmod|cmd|command|db_query|download_file|echo|edit_file|eval|evil_root|exploit|find_text|fopen|fsbuff|fwrite|friends_links\.|ftp|gofile|grab|grep|htshell|\ -dump|logname|lynx|mail_file|md5|mkdir|mkfile|mkmode|MSOffice|muieblackcat|mysql|owssvr\.dll|passthru|popen|proc_open|processes|pwd|rmdir|root|safe0ver|search_text|selfremove|setup\.php|shell|ShellAdresi\.TXT|spicon|sql|ssh|system|telnet|trojan|typo3|uname|unzip|w00tw00t|whoami|xampp) [NC,OR]
20 RewriteCond %{QUERY_STRING} (\.exe|\.tar|act=|afilter=|alter|benchmark|chbd|chmod|cmd|command|cast|char|concat|convert|create|db_query|declare|delete|download_file|drop|edit_file|encode|environ|eval|exec|exploit|find_text|fsbuff|ftp|friends_links\.|globals|gofile|grab|insert|localhost|logname|loopback|mail_file|md5|meta|mkdir|mkfile|mkmode|mosconfig|muieblackcat|mysql|order|passthru|popen|proc_open|processes|pwd|request|rmdir|root|scanner|script|search_text|select|selfremove|set|shell|sql|sp_executesql|spicon|ssh|system|telnet|trojan|truncate|uname|union|unzip|whoami) [NC]
21 RewriteRule .* - [F]
22
23 # Disable hotlinking of images
24 RewriteCond %{HTTP_REFERER} !^$
25 RewriteCond %{REQUEST_FILENAME} -f
26 RewriteCond %{REQUEST_FILENAME} \.(jpe?g?|png|gif|ico|pdf|flv|swf|gz)$ [NC]
27 RewriteCond %{HTTP_REFERER} !^https?://([^.]+\.)?yourdomain\. [NC]
28 RewriteRule \.(jpe?g?|png|gif|ico|pdf|flv|swf|gz)$ - [NC,F]
29
30 # Only the following file extensions are allowed
31 Order Allow,Deny
32 Deny from all
33 <FilesMatch "\.([Jj][Pp][Ee]?[Gg]?|[Pp][Nn][Gg]|[Gg][Ii][Ff]|[Gg][Zz]|[Pp][Dd][Ff])$">
34 Allow from all
35 </FilesMatch>
36
37 # Block double extensions from being uploaded or accessed, including htshells
38 <FilesMatch ".*\.([^.]+)\.([^.]+)$">
39 Order Deny,Allow
40 Deny from all
41 </FilesMatch>
42
43 # Only allow GET and POST HTTP methods
44 <LimitExcept GET POST>
45 Deny from all
46 </LimitExcept>BUT, if I use that code it won't execute your PHP files. Is there a specific .htaccess file that you could provide to enable an enhanced security on that folder? I looked around on the forum already and didn't see it. Thanks!
