How to Secure Uploader

    It's been a long time since I started thinking about making a secured uploader. I haven't yet added any uploader to my wml lava site due to security issues. But nowadays many people request an uploader from me so that they can upload their images happily. However, I want to put up a secured uploader now.
    ==================
    Now guys, I want ideas from you all on how I can make my uploader secure.
    Along with all the security functions, I additionally want an uploader that has the functions below:

    1. Allows only image (.gif/.jpg/.jpeg/.png/.bmp) MIME type files.
    2. Supports a maximum file size of 50KB.
    3. "Uploaded file under moderator processing system" so that site staff can check the uploaded files before publishing.
    ==================
    ==================
    Now please give me ideas or code for it.

    #2
    Originally posted by anderson
    It's been a long time since I started thinking about making a secured uploader. I haven't yet added any uploader to my wml lava site due to security issues. But nowadays many people request an uploader from me so that they can upload their images happily. However, I want to put up a secured uploader now.
    ==================
    Now guys, I want ideas from you all on how I can make my uploader secure.
    Along with all the security functions, I additionally want an uploader that has the functions below:

    1. Allows only image (.gif/.jpg/.jpeg/.png/.bmp) MIME type files.
    2. Supports a maximum file size of 50KB.
    3. "Uploaded file under moderator processing system" so that site staff can check the uploaded files before publishing.
    ==================
    ==================
    Now please give me ideas or code for it.
    just limit the extensions of a file to be uploaded
    My Blog: http://jhommark.blogspot.com
    My Facebook: http://www.facebook.com/jhommark
    My Official Site: http://www.undergroundweb.tk
    My Community Site: http://undergroundwap.xtreemhost.com



      #3
      just limit the extensions of a file to be uploaded

      Still, my site got hacked through the uploading system; they deleted my database, so how do I secure against the hack? I have file extensions gif and jpeg, but how they do that I really don't know.


        #4
        You have to make sure the content type is the same as the extension.

        PHP Code:
        // Allowed content types and file extensions for image uploads
        $image_type = array("image/jpeg","image/pjpeg","image/gif","image/x-png","image/bmp");
        $image_ext = array(".jpg",".jpeg",".gif",".png",".bmp");
        $ext = strtolower(strrchr($_FILES['filetoupload']['name'],'.'));
        $file_type = $_FILES['filetoupload']['type'];
        // Reject the upload unless both the extension and the content type are on the lists
        if (!(in_array($ext,$image_ext) && in_array($file_type,$image_type))) echo "Content type must be image.";
        That's just an example from my uploader.



          #5
          You should also stop your download folders from loading PHP files through URL / hotlinking, etc.


            #6
            Originally posted by ori
            You should also stop your download folders from loading PHP files through URL / hotlinking, etc.
            Want more tips here to make the uploader secure. @ ori and other coders


              #7
              Hide your image URL dir! Get the idea from the E-Cards! Just like what I did on my site!


                #8
                Originally posted by kuklux
                Hide your image URL dir! Get the idea from the E-Cards! Just like what I did on my site!
                Good point.

                Please tell me more tips @ all


                  #9
                  You need an .htaccess which denies other files except image formats. And even if they know the page dir, it shows that they have no permission to view the folder.
                  com site: http://vampist.net
                  download site: http://wapdloads.net
                  fb: http://www.facebook.com/pmplx



                    #10
                    put .htaccess...only file that only upload are include...



                      #11
                      Upload images and at the same time change the names of the images. Insert the new name of the image into the database. Keep the name in the database and the name of the folder for upload (storage) secret. Generate the image link for viewers into a new folder (deliver folder) and at the same time copy and rename the image from storage into deliver. Empty the deliver folder periodically with a cron at a value in KB of the deliver folder. This prevents hotlinking. If you want to resize images, at the same value resize in the deliver folder.
                      Last edited by blackhowk; 13.09.09, 12:38.
                      http://ngeo.ro


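Added example, not part of the thread and not any poster's code: one way to combine the content check from post #4 and the rename-and-store approach from post #11 with the limits requested in post #1. It detects the type from the file's bytes instead of the browser-sent `$_FILES[...]['type']` and lets the server choose the stored name and extension. `PENDING_DIR`, `MAX_BYTES`, `ALLOWED` and `store_pending_image()` are hypothetical names; the form field `filetoupload` is taken from post #4.

```php
<?php
// Added example. Requires PHP 7+ with the fileinfo extension.
const MAX_BYTES   = 51200;                   // 50 KB limit from post #1
const PENDING_DIR = '/var/uploads/pending';  // assumption: outside the web root

// Server-detected MIME type => extension the server assigns
const ALLOWED = [
    'image/gif'      => 'gif',
    'image/jpeg'     => 'jpg',
    'image/png'      => 'png',
    'image/bmp'      => 'bmp',
    'image/x-ms-bmp' => 'bmp',  // label used by older libmagic builds
];

/**
 * Validate one $_FILES entry and move it into the moderation queue.
 * Returns the stored file name; throws RuntimeException on rejection.
 */
function store_pending_image(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed.');
    }
    $tmp = $file['tmp_name'];
    if (!is_uploaded_file($tmp)) {
        throw new RuntimeException('Not an uploaded file.');
    }
    // Measure the file on disk, not the size the client reported.
    if (filesize($tmp) > MAX_BYTES) {
        throw new RuntimeException('File is larger than 50 KB.');
    }
    // Detect the type from the bytes; the client-sent type and the
    // original file name are never trusted or reused.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    $ext  = ALLOWED[$mime] ?? null;
    if ($ext === null || getimagesize($tmp) === false) {
        throw new RuntimeException('Content type must be image.');
    }
    // Random name plus server-chosen extension, so an uploaded name
    // such as "x.php.jpeg" (post #15) never reaches the file system.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($tmp, PENDING_DIR . '/' . $name)) {
        throw new RuntimeException('Could not store file.');
    }
    return $name;  // save in the database with status "pending"
}
// Usage: $stored = store_pending_image($_FILES['filetoupload']);
```

Staff can then review files in the pending directory and copy approved ones to the public folder, which keeps unreviewed uploads unreachable by URL.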

                        #12
                        Originally posted by bijaybd
                        just limit the extensions of a file to be uploaded

                        Still, my site got hacked through the uploading system; they deleted my database, so how do I secure against the hack? I have file extensions gif and jpeg, but how they do that I really don't know.
                        Use an image resizer... just search here... use it for holding images... then write some code: if the image is a remote file, then use header("Location: $imageurl")...
                        My Blog: http://jhommark.blogspot.com
                        My Facebook: http://www.facebook.com/jhommark
                        My Official Site: http://www.undergroundweb.tk
                        My Community Site: http://undergroundwap.xtreemhost.com



                          #13
                          Originally posted by kiLLeR-eyEd_14
                          Use an image resizer... just search here... use it for holding images... then write some code: if the image is a remote file, then use header("Location: $imageurl")...

                          I use phpthumb but still the same thing is happening, why I really don't know. Even the image file is renamed automatically, like if it's baby.gif it becomes something like 1234.gif, but still the same.


                            #14
                            My uploader directory denies even the allowed file types. I use a grab file to download files, so the folder is hidden, plus files can't be accessed even if they guess the folder.


                              #15
                              Put code in the upload file that requires some chat posts to upload files, so only regular chatters can upload files... Also put a deny in .htaccess for php.jpeg etc.