How to disable PHP scripts execution in 777 folders

Discussion in 'Programming' started by neox182, Dec 6, 2010.

  1. #1
    Hello

    I have a 777 folder in which users upload files. I want to block execution of malicious scripts such as PHP or Perl. How can I do this?

    Thanks

    neox182
     
    neox182, Dec 6, 2010 IP
  2. jazzcho

    #2
    Filter the uploads by extension.
     
    jazzcho, Dec 6, 2010 IP
  3. neox182

    #3
    But what about if the hack.php file is uploaded as hack.php.01?
     
    neox182, Dec 6, 2010 IP
  4. jazzcho

    #4
    It will not run. The server is usually configured to run ".php", ".php3", ".pl".
     
    jazzcho, Dec 6, 2010 IP
  5. crivion

    #5
    Place a .htaccess file in the dir you want to deny script execution with this:

    AddHandler cgi-script .php .pl .jsp .asp .sh .cgi
    Options -ExecCGI
     
    crivion, Dec 6, 2010 IP
    nabil_kadimi likes this.
  6. LegitLifeStyle

    #6
    Yeah, the only way I can think of to do it is with .htaccess.
     
    LegitLifeStyle, Dec 6, 2010 IP
  7. nabil_kadimi

    #7
    You've got nice answers here, +1 for this one:
    And since you are accepting uploads, I would recommend that you be very cautious with file names, and refuse files that start with a dot "."
     
    nabil_kadimi, Dec 6, 2010 IP
    crivion likes this.
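
The filename checks suggested in posts #2, #3 and #7, combined into one upload-side validator, as an added example that is not code from the thread. It inspects every dot-separated segment rather than only the last one, because Apache's mod_mime can pick a handler from an earlier extension in a name such as hack.php.01 when handlers are mapped with AddHandler; the function names and both extension lists are assumptions.

```php
<?php
// Added example, not code from the thread; names and lists are assumptions.
const ALLOWED_EXT = ['jpg', 'jpeg', 'png', 'gif', 'pdf'];      // assumed allowlist
const SCRIPT_EXT  = ['php', 'php3', 'php4', 'php5', 'phtml', 'phar',
                     'pl', 'cgi', 'sh', 'py', 'jsp', 'asp'];   // refused in any segment

/** Returns null if the client-supplied name is acceptable, otherwise a reason. */
function rejectReason(string $clientName): ?string
{
    $name = basename(str_replace('\\', '/', $clientName));    // drop any path part
    if ($name === '' || $name[0] === '.') {
        return 'empty name or dotfile';                       // e.g. .htaccess
    }
    if (preg_match('/[\x00-\x1f]/', $name)) {
        return 'control character in name';
    }
    $segments = explode('.', strtolower($name));
    array_shift($segments);                                   // drop the base name
    if ($segments === []) {
        return 'no extension';
    }
    foreach ($segments as $seg) {                             // hack.php.01 gives php, 01
        if (in_array($seg, SCRIPT_EXT, true)) {
            return "script extension '.$seg' in name";
        }
    }
    if (!in_array(end($segments), ALLOWED_EXT, true)) {
        return 'final extension not on allowlist';
    }
    return null;
}

/** Server-chosen storage name: random base plus the validated final extension. */
function storedName(string $clientName): string
{
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample names.
foreach (['photo.jpg', 'hack.php', 'hack.php.01', '.htaccess', 'report.PDF', 'a.php.jpg'] as $n) {
    $why = rejectReason($n);
    echo str_pad($n, 14), $why === null ? 'accept -> ' . storedName($n) : "reject: $why", PHP_EOL;
}
```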
  8. neox182

    #8
    That didn't work :(
     
    neox182, Dec 6, 2010 IP
  9. nabil_kadimi

    #9
    What hosting company and hosting plan are you using?
     
    nabil_kadimi, Dec 6, 2010 IP
  10. neox182

    #10
    Thanks for all the help!

    I found my problem, please close the thread.
     
    neox182, Dec 7, 2010 IP