hello, how i can disbale uploading of .php files through .htaccess becasue i am wondering that hackers are uploading shells on my website by using LFI and RFI method. or is there any other method to disable LFI and RFI in one host i have a server and running 7 websites , i cant edit php.ini , can i make seperate php.ini for one website and disable rfi and lfi on that php.ini? i am tired of being hacked becasuse hackers are uploading shells and messing around regards
Firstly, you should Disable allow_url_fopen and allow_url_include in php.ini that will stop RFI. If you want to stop php files being uploaded and executed, move the uploads directory outside of the web root. Though that will depend on what sort of application you are running.
i have upload php.ini with this code: it can help me to stop defacement of my website, indian hackers keep defacing my website =( through c99 shells =(