-borg- & JJLatWebWiz this is what my server guyz sent me
By default IUSER account is disabled accross the server. Only your usage has READ/WRITE permissions on your folders. For webaccess, you are limited to READ access as well unless you specify a few folders specificly for Write access.
If your account has a script that can be used to hack your site, it will be limited to your account, not to the whole server.
So as long as you keep all of your software up to date, there is nothing to worry about.
now what do u think?? 
although i asked them about the everyone group permissions again lets see when do they reply to that. i'll let u know when they do :)
Topic Options
Post Options
Thanks(0)
. Even if they have left the Everyone account as default, your site contents should be safe from a hacker attacking from a different domain on the same server. If the Everyone account still has full control on the system32 folder, a hacker could crash the operating system, but your site should still be safe even though it would be offline. Once your host recovers the OS, your site will be intact. That's because it's currently impracticle for a hacker to escalate their rights assuming the host has hardened the other attack vectors like Microsoft's FTP service, disabling unnecessary services, and installing the bundles of OS service packs and hotfixes.