|
|
David,
I checked your site, and your FTP service is requesting a User ID and
password. I suspect that you re getting in through as you've cached the
authentication already. One way to check this is to clear your browser's
cache/cookies and try logging in again. You should get prompted.
This should stop users from posting files on your site unless you have
created an upload page that they can access. I didn't see one when I looked
at your site. You need to set the file/directory permissions on all of your
directories so that the users can read/execute PHP pages, but not write. If
you do create an upload page, point any uploads to a directory that can be
written to by the users, but won't give them execute scripts permissions.
Otherwise they can upload a script and then execute it, and then you're in
trouble.
The ISP needs to apply the latest patches to PHP on the server. This is not
something you can do. If you upgrade PHP on your workstation, any changes
that you make to yuour pages locally can be FTP'd to the server. However, if
you are coding to a later version of PHP than the ISP, some of your pages
may not work. I always try to stay in sync with the ISP to avoid this.
|
|