SitePoint Sponsor

User Tag List

Results 1 to 2 of 2

Thread: Preventing a hacker from uploading a file / prevent from executing

  1. Feb 20, 2012 17:10 #1
    eruna
    eruna is offline
    SitePoint Guru
    Join Date
    Jan 2007
    Posts
    902
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)

    Preventing a hacker from uploading a file / prevent from executing

    I just found a few malicious files in the upload folders on my site. Is there a way to limit what types of files can be uploaded with htaccess or at least prevent php files from executing in certain directories?
    Reply With Quote Reply With Quote
  2. Feb 20, 2012 17:28 #2
    wonshikee
    wonshikee is offline
    SitePoint Wizard wonshikee's Avatar
    Join Date
    Jan 2007
    Posts
    1,223
    Mentioned
    3 Post(s)
    Tagged
    0 Thread(s)
    Yes

    If you had a folder /upload, you would put it at /upload/.htaccess,

    Put:

    SetHandler Disable_All_File_Execution

    within the file.

    Note: Disable_All_File_Execution means nothing, you're basically setting "SetHandler" directive to an invalid handler, so that files aren't executed.

    The next step after this, is to prevent users from uploading malicious files in the first place.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules