4images Forum & Community
4images Modifications / Modifikationen => Mods & Plugins (Requests & Discussions) => Topic started by: Deskcom on August 20, 2008, 12:53:41 AM
-
I been hearing alot about some people having a problem with hackers getting into there gallerys by loading molisiaus php files. To help protect beef up the security use the following code in you .htaccess file in all your 777chmod folders, this will help keep them from placing php perl and cgi files in ther and help protect your gallery. If you have a .htaccess file already just add this to it. Try not to copy the same commands again. Hope this helps. I will try to post some more stuff in here to help protect. But thi is just the start.
php_flag engine off
<Files ~ "\.(php*|s?p?html|cgi|pl)$">
deny from all
</Files>
-
Are you talking about hackers using 4images to upload malicious files or in general? Because I don't believe CHMOD777 is really that matters...
P.S.
Thanks for posting this.
-
Actually I mean is hackers going after unsecured folders in the 4image system. That software is set to keep them from uploading the files via the 4image software. How ever if they want to attack the site, then can bypass the software completely and just go straight to the folder listed at 777 chmod. With a little work they can place php files in those folders and attack the site via that way. But with the .htaccess file above. It will still allow you to upload pictures, text files, and other file extensions of your choice. BUT it keeps php, Perl, and cgi file, the files that can hurt the site.
-
Are you talking about hackers using 4images to upload malicious files or in general? Because I don't believe CHMOD777 is really that matters...
P.S.
Thanks for posting this.
Its no problem V@no, I'm studding up on internet security and hacker prevention. There will be more to come. The internet cant be too secure. ;)
-
Good Day,
Off the 9 folders that were CHMOD to 777 only 1 has the.htaccess fill in it. So for this to work I would have to create the fill in the other 8 folders. So;
(a) Is it just that code that has to be entered or additional 'normal stuff' code. ( I am not familiar with .htaccess)
(b) Would this bit of code have any effect on the operation of the script since it is written in .php that I have to account for.
I am new to all of this so I am not sure and want to know before I start making changes. Do not want to mess things up after all.
-
you can put one .htaccess into data folder and one into templates, child folders will also get affected by .htaccess from parent folders.
-
With just the above code and nothing else, correct?
-
If I successfully prevent anyone from uploading executables to the relevant directories..... how do I then subsequently upload an executable myself (e.g. when I need to implement a fix to 4images) ?
-
In these directories nothing to execute, that's the whole point ;)
-
d'oh! :oops:
Thanks V@no
-
hi,
I recently had some php codes injected in my online php scripts which ruined my site.
I think this is a good effort by deskcom
-
hey, guys.... is 4image is being protected from sql injections ? :?:
-
hey, guys.... is 4image is being protected from sql injections ? :?:
yes it is, at least for known sql injections via bug fixes (http://www.4homepages.de/forum/index.php?board=17.0)