Welcome gentlemen. I have a question as to protect the shell script upload php. sorry my english is bad.
-
-
simple.. don't have an uploader on your site/s -
eh eh..what a kind of houmor..ehm
but i think that anybody would answer like this
this forum had no reason to live..
if we were all genius CODING TALK could be only
a talking forum about weather..
to ask is a right, to answer (gently) is a rule..
especially when somebody ask
with education as dominik.
tha's my opinion,of course..ev'ry body can think
as he wanna ..
sigpicthe italian/international COMMUNITY of friendship
http://people2000.netne.net
WAP/WEB
peoplemailbox@katamail.comComment
-
there are many ways such as turn on open_basedir etcleft wap stuffComment
-
AddHandler application/x-hxxx-spoof .bs .cgi .pl .py
u can also use .htaccess to add a bogus handler for other file extensions.Comment
-
you can disable execution of sh files by adding this to ur htaccess
search about magic numbersPHP Code:Options -ExecCGI
AddHandler cgi-script .pl .py .jsp .asp .htm .shtml .sh .cgi
Comment
-
Create a .htaccess file in your directory where the files are stored from uploader, with this code inside
Code:RemoveHandler .php .phtml .php3 .php4 .php5 .php6 .phps .cgi .exe .pl .asp .aspx .shtml .shtm .fcgi .fpl .jsp .py AddType application/x-httpd-php-source .php .phtml .php3 .php4 .php5 .php6 .phps .cgi .exe .pl .asp .aspx .shtml .shtm .fcgi .fpl .jsp .py php_flag engine 0
Comment
-
php_flag engine 0Comment
-
add into your .htacces
<Files ~ "\.(php.|phtml.|html.|pl.|py.|jsp.|asp.|htm.|shtml .|sh.|cgi.)$">
order allow,deny
deny from all
</Files>Comment
Comment