July 25th, 2006, 9:18 PM   #10
T313C0mun1s7
Quote:
Originally Posted by cowboy
What FTP program are you using? I cannot imagine one that would allow such a security risk. If it has a setting that controls default chmod, set it to 755 for folders and 644 for files.

PHP running as CGI (PhpSUexec) will not allow initial creation of group or world write bits, nor will it allow itself to set either bit after creation.

If you are uploading a tarball and extracting it on the server, its contents will retain the permissions set at the time of tarring.

The security feature of phpSUexec is to allow only the owner of a file to write, so if either group or world has a write bit, the CGI for PHP will halt in its tracks and deliver an error, usually 500. You can add write bits with FTP after file or folder creation, but, phpSUexec will refuse to honor them. That is your protection.

Since CGI needs an execute bit to run a file, the Apache OPTIONS directive ExecCGI adds an execute bit to all files, making a 644 file in effect 755. (Files pose no problem having a 755 permission.) Folders are not affected by the ExecCGI directive so have to be 755 to start with.

If all of your folders and files are intact with 777 permissions, you can request support change them for you.
After logging in and doing a long reply with multiquote I was greeted with a dialog informing me I needed to log in. So Cowboy - Thank you once again, you explained a lot. I will do, and I am using gftp on Ubuntu.
__________________
T313C0mun1s7
PASS65 (72.29.93.65) - Reseller
========================
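The permission rule from the quoted reply (no group or world write bits under phpSUexec), as an added example that is not part of the original posts: a POSIX shell audit that lists offending files and folders and clears only the `g+w`/`o+w` bits, so 777 becomes 755 and 666 becomes 644. The function names and the `public_html` path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: audit a web root for the write bits phpSUexec rejects.
# Function names are hypothetical; run after an FTP upload or tarball extract.

# find_writable ROOT
# Print every regular file or directory under ROOT that carries a
# group-write (020) or world-write (002) bit. Symlinks are skipped because
# chmod would follow them and change a target outside the tree.
find_writable() {
    find "$1" \( -type f -o -type d \) \
        \( -perm -020 -o -perm -002 \) -print
}

# audit ROOT
# List offenders and return 1 if any exist, 0 if the tree is clean,
# so the function can gate a deploy script or a cron check.
audit() {
    offenders=$(find_writable "$1")
    if [ -z "$offenders" ]; then
        return 0
    fi
    printf '%s\n' "$offenders"
    return 1
}

# fix_perms ROOT
# Clear only the group/world write bits on offenders. Owner bits and
# execute bits are left alone: 777 -> 755, 775 -> 755, 666 -> 644.
fix_perms() {
    find "$1" \( -type f -o -type d \) \
        \( -perm -020 -o -perm -002 \) \
        -exec chmod go-w {} +
}

# Typical use (path is an assumption):
#   audit "$HOME/public_html" || fix_perms "$HOME/public_html"
```
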