Hey, Nick!
File permissions good or bad will not allow your site to be hacked, unless the server is quite badly configured or has not been updated in the past five years.
That is an ambiguously worded statement at best, that can ultimately lead to an misinformed interpretation that could prove to be dangerous:
I’ve changed the permissions for the uploads folder to 755, but now cannot upload images.
In a properly configured shared hosting environment, 0755 and 0644 permissions or LESS, can prove quite effective. Your uploads folder, or any folder for that matter, should never require 0777 permissions.
You may have some ownership issues that are causing some grief.
This was the reason I used 777 in the first place! It seems to be a hugely common issue – dozens of people appear to have the same problem and most seem to solve it only by using 777.
It becomes an issue when files and directories or processes are owned/group-owned by something other than your own user account.
Contact your host. Come right out and ask them what your file and directory permissions should be, what the owner and group should be, and why. If you’re in a shared environment, and they tell you that owner and group should be anything other than your own user account, you need push them into telling you why, and then make a decision about whether continued use of their service is in your best interest.
Of course, if you’re managing your own VPS, and no shared hosting is involved, then the ownus is on you as a server administrator.
What I’d like to know is how to discover how they got in to start with?
Log files, auditing, and your hosts support staff involvement.
