Not sure if this is the correct place to post this. Or even if this is allowed to be posted. If not, please delete this thread. I found this upload script that is exactly what I was looking for. However, I found that it keeps getting hacked shortly after I put it up. Can someone please tell me what makes this script so easily hacked? Where are the security holes and how can it be fixed? Would a mandatory login function help? I know there are plenty other scripts out there but I really like this one. Upload Script
Filtration absents in your script. Therefore any malefactor can inundate Php-shell. Add filters or create a file .htaccess with the following content: <Files "*.php"> Addtype text/html .php .htm .html .phtml </files> Code (markup): It must provide implementation of PHP of scripts as TXT files.
You will excuse a bit made a mistake file content .htaccess. That is it must be: <Files "*.php"> Addtype text/text .php .htm .html .phtml </files> Code (markup): And it is not necessary quite to rewrite a script, simply enough to load a file .htaccess. I think it will be by the simplest and effective method.