Thread: i need a little help with .htaccess

  1. #1
    Join Date
    Sep 2008
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Hello, how are you all?

    I'm still new in the forums and I need a little help.

    I have an uploading script and hackers are able to upload PHP from it.

    How can I stop it with the .htaccess?

    There's code for it but I don't know it.

    Please help.

  2. #2
    Join Date
    Sep 2008
    Posts
    26
    Thanks
    2
    Thanked 4 Times in 4 Posts

    Here is an easy but powerful htaccess-password manager that will allow you to set a htaccess/password for multiple users.
    This way everything within the folder/directory can only be accessed by password.
    If you have your upload script in the same directory as everything else, create a subdirectory. You will then need to change the upload path of that script so the uploads do not end up in the password-protected folder, unless the uploads are accessed only by yourself anyway!

    The original is not online anymore ( http://www.hotscripts.com/Detailed/15507.html - http://www.krizleebear.de/phpaccess/...x.php?pageID=5 ) so I uploaded it here:
    http://wap.cc/ae/aqua/ht.txt
    http://www.nottoxic.com/wapcc/ae/aqua/ht.txt

    You need to change the username/password of course, rename it to ht.php, and just point your browser to it once it's uploaded correctly.

  3. #3
    Join Date
    Sep 2008
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Thank you so much, that was really helpful. But if I did that and they are still able to upload PHP shells, is it going to be useful? I'm wondering if there's code to stop PHP from being uploaded, basically to forbid them from uploading it even if the script scan didn't catch it. Thank you again.

  4. #4
    Join Date
    Sep 2008
    Posts
    26
    Thanks
    2
    Thanked 4 Times in 4 Posts

    Oh, I thought you just wanted password protection to avoid people accessing the script (so not everybody can upload stuff, which you could do with a password field instead if you don't like htaccess/password).

    All kinds of solutions in this forum topic
    http://www.phpbuilder.com/board/arch...-10293142.html

    or place something like this in a htaccess file:
    AddType text/html .php
    AddType text/html .phtml
    AddType text/html .php4
    AddType text/html .php3
    AddType text/html .ssi
    AddType text/html .cgi


    Also you could unset chmod rights (execute...)

  5. #5
    Join Date
    Sep 2008
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Thank you again. I'm really new at this so I don't really know what I should do. The chmod should be on 777 or it won't upload, and 777 is a dangerous thing. So should I add this to the htaccess:
    AddType text/html .php
    AddType text/html .phtml
    AddType text/html .php4
    AddType text/html .php3
    AddType text/html .ssi
    AddType text/html .cgi

    Like this or with something?

    Sorry for the trouble but I'm really new at it.

    Thank you again.

  6. #6
    Join Date
    Mar 2006
    Location
    Illinois, USA
    Posts
    12,164
    Thanks
    265
    Thanked 690 Times in 678 Posts

    The easiest way is to, in your uploading script, CHECK the file extension. If it is an image form, for example, then you can just allow .jpg .gif and .png; that's all, and you're done. No matter what they upload with a .gif extension (PHP code, an image, or anything else), it will never be processed as PHP in a dangerous way on your server.
    It's better to have an OK-list of file extensions (like "jpg gif png"), than to disallow the harmful ones (like "php"), because they could use another format you didn't think of.
    If you need more specific help, we'd need to see part of your code.

    .htaccess may work, but I don't see the point of using two languages to solve one problem.
    Daniel - Freelance Web Design | <?php?> | <html>| español | Deutsch | italiano | português | català | un peu de français | some knowledge of several other languages: I can sometimes help translate here on DD | Linguistics Forum
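
The allow-list check described in post #6, written out as an added example (it is not code from any poster in this thread). The form field name `upload`, the `uploads/` directory and the function names are assumptions; it also stores each file under a server-generated name so that nothing from the client-supplied name, such as an extra `.php` in `x.php.gif`, ends up on disk.

```php
<?php
// Added example: allow-list check for an upload handler (PHP 7+).
// Assumed names: form field "upload", directory "uploads/", both helper functions.

const ALLOWED_EXTENSIONS = ['jpg', 'gif', 'png'];

// Return a safe stored filename for a client-supplied name, or null to reject it.
function safe_upload_name(string $clientName): ?string
{
    // Only the final extension counts, compared case-insensitively.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXTENSIONS, true)) {
        return null; // anything not on the OK-list is refused
    }
    // Random base name: the client name (double extensions, path
    // separators, odd characters) is never used on disk.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Validate one $_FILES entry and move it into $destDir.
// Returns the stored filename, or null if the upload was rejected.
function handle_upload(array $file, string $destDir): ?string
{
    // Reject failed uploads and multi-file arrays (name would be an array).
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_string($file['name'] ?? null)) {
        return null;
    }
    $name = safe_upload_name($file['name']);
    if ($name === null) {
        return null;
    }
    $target = rtrim($destDir, '/') . '/' . $name;
    // move_uploaded_file() only accepts files that arrived via HTTP POST upload.
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        return null;
    }
    chmod($target, 0644); // readable, never executable
    return $name;
}

if (isset($_FILES['upload'])) {
    $stored = handle_upload($_FILES['upload'], __DIR__ . '/uploads');
    http_response_code($stored === null ? 400 : 200);
    echo $stored === null ? 'Rejected' : 'Stored as ' . htmlspecialchars($stored);
}
```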
