NineChime forum

Are you sure you can't use 765 or 775?  The last digit controls public permissions, while the middle digit handles group permissions (you, your FTP login, PHP, other server scripts, etc.)

So long as the group permissions are high enough, it should work.  I've never heard of a server that needs 777 to function, though it is farily common for 755 not to work.

.htaccess files are nifty, but they only control how the Apache web server handles files.  PHP is restricted only to your "public_html" folder, and Perl can do pretty much whatever it wants (there is no Perl code in Wacintaki).  If there's a security hole in a script, it will typically be able to invade the whole server (or, your own account).  Unfortunately, UNIX wasn't designed to quarantine folder access except through groups.  You either belong to the same group as the owner, or you don't.

Is there anyway to protect the pictures directory - security wise? Or limit what can be uploaded to it?

Not really, unless you have administration abilities on the server itself and know a bit about UNIX/Linux.

Wacintaki doesn't allow files to be uploaded with specific names, and also checks images headers to make sure they are valid image files, and not data.  If you're concerned about hacks getting into your board through the banner or notice (which allows PHP code), open up your hacks.php file and change define ('DISABLE_PHP_RESOURCE', 0); to define ('DISABLE_PHP_RESOURCE', 1);.  This will prevent any PHP code from being inserted into the board.  I find it unlikely that the resource files are a security threat unless you have an admin who is using PHP in the notice/banner/rules/etc.

PS - Great avatar.

As a Windows user, I was pretty much clueless as to UNIX security until I started uploading my scripts to my own web site, and watched in horror as things blew up all over the place.  I don't really like the way that UNIX does things, but, I've learned to live with it.