Is there a certain file type that you are looking for? You could restrict it to that, also you could chown the uploaded files to a no/low privelage user. On 4/6/06, Wolf <LoneWolf@xxxxxxxxx> wrote: > > They all ended in .rar > > Files named: > b.php.rar > jpg.php.rar > c99.php.rar > > Dan McCullough wrote: > > WHat types of files were they, if you dont mind me asking? > > > > On 4/6/06, Wolf <LoneWolf@xxxxxxxxx> wrote: > >> I woke up on thanksgiving morning to find my server hacked through a > >> hole left by a file upload area of my site. I restored the backup and > >> placed a few blocks in place on the server, so they can get in, but > they > >> can't get out.... ;) > >> > >> What I am interested in finding out is what the best way is to make > sure > >> that I can rework the upload area to allow upload and download from it > >> while keeping script kiddies from exploiting it again. > >> > >> I can post the scripts (if you are interested in pulling them apart or > >> such) as I have accumulated 3 different versions now, but I am > wondering > >> what you guys use currently as "standard" PHP security and still do > file > >> parsing and such. > >> > >> Thanks, > >> Wolf > >> > >> -- > >> PHP General Mailing List (http://www.php.net/) > >> To unsubscribe, visit: http://www.php.net/unsub.php > >> > >> > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > >
