Hello, how i can disallow creating and modiffying .php files on an webserver for certain website directory or certain website which belongs to a certain user account? (not on whole server)
someone injecting files to my website structure fromtime to time, i dont want to fix any bugs in script nor upgrade, i want this fix as im nto modiffying or adding new php files so this looks to be easiest way to prevent…
This looks like a serious flaw in the script. I think the best course of action would be to modify the script to prevent the creation and modification of php files (and other security risk files that may be interpreted). You could use a .htaccess file to turn off the php engine for that directory so that php scripts are just output as plain text (instead of being interpreted). But I assume there’s no preventative measures to stop them from overwriting the .htaccess file, or even creating the php files a directory or more up the folder tree?