Author Topic: Help Protect your Gallery from being hack  (Read 11464 times)

0 Members and 1 Guest are viewing this topic.

Offline Deskcom

  • Newbie
  • *
  • Posts: 41
    • View Profile
Help Protect your Gallery from being hack
« on: August 20, 2008, 12:53:41 AM »
I been hearing alot about some people having a problem with hackers getting into there gallerys by loading molisiaus php files. To help protect beef up the security use the following code in you .htaccess file in all your 777chmod folders, this will help keep them from placing php perl and cgi files in ther and help protect your gallery. If you have a .htaccess file already just add this to it. Try not to copy the same commands again. Hope this helps. I will try to post some more stuff in here to help protect. But thi is just the start.

Code: [Select]
php_flag engine off
<Files ~ "\.(php*|s?p?html|cgi|pl)$">
deny from all
</Files>

Offline V@no

  • If you don't tell me what to do, I won't tell you where you should go :)
  • Global Moderator
  • 4images Guru
  • *****
  • Posts: 17.849
  • mmm PHP...
    • View Profile
    • 4images MODs Demo
Re: Help Protect your Gallery from being hack
« Reply #1 on: August 20, 2008, 01:32:21 AM »
Are you talking about hackers using 4images to upload malicious files or in general? Because I don't believe CHMOD777 is really that matters...

P.S.
Thanks for posting this.
Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
Extension for Firefox/Thunderbird: Master Password+    Back/Forward History Tweaks (restartless)    Cookies Manager+    Fit Images (restartless for Thunderbird)

Offline Deskcom

  • Newbie
  • *
  • Posts: 41
    • View Profile
Re: Help Protect your Gallery from being hack
« Reply #2 on: August 20, 2008, 05:12:17 AM »
Actually I mean is hackers going after unsecured folders in the 4image system. That software is set to keep them from uploading the files via the 4image software. How ever if they want to attack the site, then can bypass the software completely and just go straight to the folder listed at 777 chmod. With a little work they can place php files in those folders and attack the site via that way. But with the .htaccess file above. It will still allow you to upload pictures, text files, and other file extensions of your choice. BUT it keeps php, Perl, and cgi file, the files that can hurt the site.

Offline Deskcom

  • Newbie
  • *
  • Posts: 41
    • View Profile
Re: Help Protect your Gallery from being hack
« Reply #3 on: August 20, 2008, 05:21:07 AM »
Are you talking about hackers using 4images to upload malicious files or in general? Because I don't believe CHMOD777 is really that matters...

P.S.
Thanks for posting this.

Its no problem V@no, I'm studding up on internet security and hacker prevention. There will be more to come. The internet cant be too secure. ;)

Offline HowdoI

  • Newbie
  • *
  • Posts: 12
    • View Profile
Re: Help Protect your Gallery from being hack
« Reply #4 on: August 21, 2008, 06:19:19 PM »
Good Day,

Off the 9 folders that were CHMOD to 777 only 1 has the.htaccess fill in it.  So for this to work I would have to create the fill in the other 8 folders.  So;

(a) Is it just that code that has to be entered or additional 'normal stuff' code.  ( I am not familiar with .htaccess)
(b) Would this bit of code have any effect on the operation of the script since it is written in .php that I have to account for.

I am new to all of this so I am not sure and want to know before I start making changes.  Do not want to mess things up after all.

Offline V@no

  • If you don't tell me what to do, I won't tell you where you should go :)
  • Global Moderator
  • 4images Guru
  • *****
  • Posts: 17.849
  • mmm PHP...
    • View Profile
    • 4images MODs Demo
Re: Help Protect your Gallery from being hack
« Reply #5 on: August 22, 2008, 01:00:16 AM »
you can put one .htaccess into data folder and one into templates, child folders will also get affected by .htaccess from parent folders.
Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
Extension for Firefox/Thunderbird: Master Password+    Back/Forward History Tweaks (restartless)    Cookies Manager+    Fit Images (restartless for Thunderbird)

Offline HowdoI

  • Newbie
  • *
  • Posts: 12
    • View Profile
Re: Help Protect your Gallery from being hack
« Reply #6 on: August 22, 2008, 04:43:19 AM »
With just the above code and nothing else, correct?

Offline SunnyUK

  • Newbie
  • *
  • Posts: 35
    • View Profile
Re: Help Protect your Gallery from being hack
« Reply #7 on: August 22, 2008, 10:28:39 AM »
If I successfully prevent anyone from uploading executables to the relevant directories..... how do I then subsequently upload an executable myself (e.g. when I need to implement a fix to 4images) ?

Offline V@no

  • If you don't tell me what to do, I won't tell you where you should go :)
  • Global Moderator
  • 4images Guru
  • *****
  • Posts: 17.849
  • mmm PHP...
    • View Profile
    • 4images MODs Demo
Re: Help Protect your Gallery from being hack
« Reply #8 on: August 22, 2008, 01:46:13 PM »
In these directories nothing to execute, that's the whole point ;)
Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
Extension for Firefox/Thunderbird: Master Password+    Back/Forward History Tweaks (restartless)    Cookies Manager+    Fit Images (restartless for Thunderbird)

Offline SunnyUK

  • Newbie
  • *
  • Posts: 35
    • View Profile
Re: Help Protect your Gallery from being hack
« Reply #9 on: August 23, 2008, 10:16:04 AM »
d'oh!  :oops:

Thanks V@no

Offline zpix51

  • Pre-Newbie
  • Posts: 4
    • View Profile
Re: Help Protect your Gallery from being hack
« Reply #10 on: February 16, 2010, 02:25:42 AM »
hi,
I recently had some php codes injected in my online php scripts which ruined my site.
I think this is a good effort by deskcom

Offline GaYan

  • Sr. Member
  • ****
  • Posts: 301
  • ♫ | G2 | ♫
    • View Profile
    • Ziramagic
Re: Help Protect your Gallery from being hack
« Reply #11 on: February 22, 2010, 05:02:40 AM »
hey, guys.... is 4image is being protected from sql injections ?  :?:
I'm Back :)

Offline V@no

  • If you don't tell me what to do, I won't tell you where you should go :)
  • Global Moderator
  • 4images Guru
  • *****
  • Posts: 17.849
  • mmm PHP...
    • View Profile
    • 4images MODs Demo
Re: Help Protect your Gallery from being hack
« Reply #12 on: February 22, 2010, 08:13:29 AM »
hey, guys.... is 4image is being protected from sql injections ?  :?:
yes it is, at least for known sql injections via bug fixes
Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
Extension for Firefox/Thunderbird: Master Password+    Back/Forward History Tweaks (restartless)    Cookies Manager+    Fit Images (restartless for Thunderbird)