The script needs permissions to create folders and files within the albums folders. This being said, it's up to you to figure out what level of permissions is needed to allow the script to do what it needs to do without allowing hackers to run havoc on your page. This related to webserver setup, not to coppermine. You can't expect an easy answer like "
CHMOD to XYZ and you'll be fine", because there can not be such a type of answer. Your question is invalid in the first place: your reluctance to upgrade got you hacked. The attacker probably used vulnerabilites that existed in old, outdated versions of coppermine to gain control over your site. They would have been able to do so no matter what level of permissions you would have set up on file system level, as they probably used a vulnerability in Coppermine to get in. What do you expect? A miracle "super-safe" setting in coppermine? OK, I have such a recommendation for you: set permissions (CHMOD) to 000. This will make sure that you won't get hacked, with only the smal drawback that you won't be able to use coppermine any longer
.
This being said, in a reply to your original question
does anyone have any ideas on how to prevent this sort of attack in the future?
Yes: keep your app up to date!
My question was not addressed.
It was. Read my reply!
And just for the record, being busy is not the same as being apathetic.
I didn't say so. I said that you have been reluctant to upgrade. I didn't say that you were lazy, although one could conclude that from what you said above...