Forgive the newbie-type questions but I've searched and some answers I couldn't find while others there seemed to be a variety of answers which ends up a bit confusing.

Other than folders requiring chmod of 777 like cache, templates_c, uploads, what should permissions for the rest of XOOPS folders (including modules, Frameworks, etc.) be set at for optimal security? I see many at 755, is that sufficient?

On another site (non XOOPS), a hacker broke into the site's admin (a cgi script for links) adding his links everywhere. Aside from banning his IPs, I also added the following to the .htaccess file within the admin folder to only allow webmaster and site owner IPs access to the admin:

Order Deny,Allow
Deny from all
Allow from xx.xx.xxx.xxx

This was advised by developers in the script's support forum and seems to work very well. Would something like the following be advisable for XOOPS admin.php files or would it be considered too extreme or cause problems?

In modules/system/ .htaccess file, for example?

Thanks in advance!

I don't think it would cause any problems. But not all admin functions are accessed through admin.php. Module admin functions, for example, might be accessed via any script in the module's /admin subdirectory.

Thanks Dave_L. I appreciate the reply.

Quote: