Re: server/PHP security

Is there a certain file type that you are looking for?  You could restrict
it to that; also, you could chown the uploaded files to a no/low-privilege
user.

On 4/6/06, Wolf <LoneWolf@xxxxxxxxx> wrote:
>
> They all ended in .rar
>
> Files named:
> b.php.rar
> jpg.php.rar
> c99.php.rar
>
> Dan McCullough wrote:
> > What types of files were they, if you don't mind me asking?
> >
> > On 4/6/06, Wolf <LoneWolf@xxxxxxxxx> wrote:
> >> I woke up on Thanksgiving morning to find my server hacked through a
> >> hole left by a file upload area of my site.  I restored the backup and
> >> placed a few blocks in place on the server, so they can get in, but they
> >> can't get out....  ;)
> >>
> >> What I am interested in finding out is what the best way is to make sure
> >> that I can rework the upload area to allow upload and download from it
> >> while keeping script kiddies from exploiting it again.
> >>
> >> I can post the scripts (if you are interested in pulling them apart or
> >> such) as I have accumulated 3 different versions now, but I am wondering
> >> what you guys use currently as "standard" PHP security and still do file
> >> parsing and such.
> >>
> >> Thanks,
> >> Wolf
> >>
> >> --
> >> PHP General Mailing List (http://www.php.net/)
> >> To unsubscribe, visit: http://www.php.net/unsub.php
> >>
> >>
> >
>
>
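
The file-type restriction suggested in the reply, sketched as an added example that is not part of the original thread: it rejects names like the ones listed above (a script extension hidden in front of .rar) and stores accepted files under a server-generated name. The allow-list, the block-list, the function names and the storage directory are assumptions.

```php
<?php
// Added example (not from the thread). The allow-list, block-list and the
// storage directory are assumptions; adjust them to what the site accepts.
const ALLOWED_EXT = ['rar', 'zip', 'jpg', 'png', 'pdf'];
// Checked against EVERY dot-separated segment: depending on its handler setup,
// Apache's mod_mime can act on an inner extension such as ".php" in "c99.php.rar".
const BLOCKED_SEGMENTS = ['php', 'php3', 'php4', 'php5', 'phtml', 'phar', 'pl', 'cgi', 'htaccess'];

// Returns a server-generated name to store the file under, or null to reject.
// Nothing from the client-supplied name survives except the checked extension.
function check_upload_name(string $clientName): ?string
{
    $base = basename(str_replace('\\', '/', $clientName)); // drop any path part
    $segments = explode('.', strtolower($base));
    array_shift($segments);                 // discard the part before the first dot
    foreach ($segments as $segment) {
        if (in_array($segment, BLOCKED_SEGMENTS, true)) {
            return null;                    // script extension anywhere in the name
        }
    }
    $ext = end($segments);                  // false when there is no extension
    if (!in_array($ext, ALLOWED_EXT, true)) {
        return null;                        // final extension not on the allow-list
    }
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// $file is one entry of $_FILES; $dir should sit outside the document root.
function store_upload(array $file, string $dir): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;
    }
    $stored = check_upload_name((string) ($file['name'] ?? ''));
    if ($stored === null) {
        return null;
    }
    $dest = rtrim($dir, '/') . '/' . $stored;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        return null;
    }
    chmod($dest, 0640);                     // readable, never executable
    return $dest;
}

// The three names from the thread, plus two constructed ones.
foreach (['b.php.rar', 'jpg.php.rar', 'c99.php.rar', 'photos.rar', 'notes.txt'] as $name) {
    printf("%-12s => %s\n", $name, check_upload_name($name) === null ? 'rejected' : 'accepted');
}
```

Only photos.rar is accepted: the three names from the thread fail the inner-segment check and notes.txt fails the allow-list.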
