SitePoint Sponsor

User Tag List

Results 1 to 5 of 5

Hybrid View

  1. #1
    SitePoint Evangelist Tapan's Avatar
    Join Date
    May 2005
    Location
    India
    Posts
    564
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)

    File copy issue help!

    Hi,

    I have folders on a site which is 777. It is used to upload files using web form and files are stored in it. But due to 777 someone is using the folder to upload phishing pages. Due to which i am getting notices from my host again and again.

    I tried to change permission so that public cannot write but then the php won't upload the file and gives error.

    What to do ? Help me!

    Thanks.

  2. #2
    Twitter: @AnthonySterling silver trophy AnthonySterling's Avatar
    Join Date
    Apr 2008
    Location
    North-East, UK.
    Posts
    6,111
    Mentioned
    3 Post(s)
    Tagged
    0 Thread(s)
    I don't really think this is a permissions issue, is sounds like it's more of a form validation and filtering issue.

    You need to ensure that the files that can be uploaded are what you expect, and from who you expect.

    Additionally, store the uploads in a folder inaccessible to the public, this way no-one but you can execute/view/use them.
    @AnthonySterling: I'm a PHP developer, a consultant for oopnorth.com and the organiser of @phpne, a PHP User Group covering the North-East of England.

  3. #3
    SitePoint Wizard bronze trophy
    Join Date
    Jul 2008
    Posts
    5,757
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You would probably do yourself some good by reading this
    http://www.scanit.be/uploads/php-file-upload.pdf

    But like SilverBulletUK said, this problem is primarily because you do not have adequate validation in place for the way you allow these uploaded things to be used. Allowing uploads and maintaining security is not often a trivial task.

  4. #4
    SitePoint Evangelist Tapan's Avatar
    Join Date
    May 2005
    Location
    India
    Posts
    564
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Hi,

    I have seen in some scripts that they are able to write to server without 777 how they do it ?

    Thanks.

  5. #5
    SitePoint Wizard bronze trophy
    Join Date
    Jul 2008
    Posts
    5,757
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    It depends on which user the php program runs as, but you never need 777 to write. Consider studying unix filesystem permissions.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •