How to check archives with files uploaded by users?

R

Rokis2016-09-02 20:00:48

Malware

Rokis, 2016-09-02 20:00:48

Hello.
I want to organize the ability to upload content to anonymous users ( no registration ). There were security issues. Brief description of my plan:

I plan to upload content to the hosting where the site is located.
Content type: rar, zip archives. Inside css, js, html and other files.
The size of the archives is approximately 1-50 mb.
Before publication - moderation

.
The problem is that I cannot know what will be put into the archive before it is uploaded to the server. How to check/filter at least for viruses in such a situation? Or suggest a safer way for users to add content.
I must say right away that uploading to cloud hosting is not an option. This is inconvenient for users ( no direct link ).

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

X

xmoonlight, 2016-09-02
@Rokis

1. Don't run any of the server scripts or check the list of files right after uploading and say that the archive contains invalid file types (.php, .cgi, .py, etc.) and ask them to delete and upload again.
2. Check with an antivirus at the time of download (before moving from a temporary folder).
3. Generate a unique ID for each user and ask them to save it by password protecting it in advance. (after successful moderation by the system, before publication)

at least for viruses

at least an antivirus on the server

I must say right away that uploading to cloud hosting is not an option. This is inconvenient for users (there is no direct link).

Here it is not clear. On dropbox.com - there is definitely a direct link to the content.