How to disallow files execution in upload directories?


postcd
01-08-2014, 08:11 AM
Hello,

One member advised me that "You need especially to disallow execution of any files in your upload directories (avatars, profile pics, etc.)"
because my site got hacked: some script files were modified by a malware redirect.

So I want to ask how I can achieve this? I know how to chmod a directory, but new files are added to the upload directories as time goes on, so how do I automatically change their permissions, or how is this meant?

attachments/
customavatars/
customgroupicons/
customprofilepics/
signaturepics/

What is the proper permission for the above folders? 777, no? Thanks for the advice.

djbaxter
01-13-2014, 02:26 AM
Those folders need to have 777 (0777) permissions so that your members can upload image files or document/PDF files to those directories.

What you need to do is, as you suggest, disallow any executable files from being run from those directories.

For those directories ONLY, create an .htaccess file with these lines as content (or add them to the top of the existing .htaccess file):

Options +FollowSymLinks
Options All -Indexes

<Files ~ "\.(php\d*|cgi|pl|phtml)$">
order allow,deny
deny from all
</Files>
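
The following shell functions are an added example, not code from the thread: they place the `<Files>` block from the reply above at the top of the `.htaccess` in each upload directory named in the question, and list files already in those directories whose names the rule targets. The forum root path passed as the first argument is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread. Directory names are the ones listed in
# the question; the forum root passed as $1 is an assumption.
UPLOAD_DIRS="attachments customavatars customgroupicons customprofilepics signaturepics"

# The <Files> block from the reply, written out verbatim.
rule_block() {
cat <<'EOF'
<Files ~ "\.(php\d*|cgi|pl|phtml)$">
order allow,deny
deny from all
</Files>
EOF
}

# Put the block at the top of each upload directory's .htaccess, keeping any
# existing content below it. Directories that already carry it are skipped.
deploy_rule() {
    root=$1
    for d in $UPLOAD_DIRS; do
        [ -d "$root/$d" ] || continue
        ht="$root/$d/.htaccess"
        if [ -f "$ht" ] && grep -qF 'php\d*|cgi|pl|phtml' "$ht"; then
            continue
        fi
        tmp="$ht.tmp.$$"
        rule_block > "$tmp"
        [ -f "$ht" ] && cat "$ht" >> "$tmp"
        mv "$tmp" "$ht"
    done
}

# List files already sitting in the upload directories whose names end in one
# of the extensions the rule targets (case ignored so .PHP is reported too).
find_script_files() {
    root=$1
    for d in $UPLOAD_DIRS; do
        [ -d "$root/$d" ] || continue
        find "$root/$d" -type f | grep -Ei '\.(php[0-9]*|cgi|pl|phtml)$' || true
    done
}
```

Anything `find_script_files` prints on a site that has already been compromised is worth inspecting before it is deleted, since uploads are expected to be images or documents only.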