I have all my attachments in a /webroot/uploaded folder. The permission to the foler is drwxr-xr-x at the moment. However this does not allow me to upload any attachments. On the onther hand I fear to assign 777 to the folder, fearing that it might open a hole to exploit.

So I am wondering what is the proper way to secure the upload folder?

Set the upload folder to 777. It is just a directory so there is not much that can be done to "exploit" it.

ًRichie, I'm not an expert but I've read that it is not a good idea to give 777 to any of the folders. The general recommendation for folders is 755 or 644.

Well yeah, most folders should be at 755 with files being at 644 but upload folders need write access. In other words, your site needs to be able to write to it. It cannot do that without write access.

It also depends on your server. Not all use 777.

You should be fine with your upload folder set at 777.

BTW - The fact that your site was hacked had nothing to do with an upload folder. :)