D
D
Dmitry Pechurkin2013-11-20 20:10:19
Apache HTTP Server
Dmitry Pechurkin, 2013-11-20 20:10:19

How to prohibit uploading files to the server in folders with permissions 777?

The problem is the following. Have your own web server with DirectAdmin v1.43.3 control panel;
php version 5.2.17; System: FreeBSD 8.3-RELEASE-p5 amd64 ; Server API: Apache 2.0 Handler ;
The problem is this: sites in folders with 777 permissions began to receive extraneous files/backdoors/doorways. Accounts for access to the hosting panel and ftp accounts have already been cleaned. How else can you protect yourself from such delays? Is it possible, knowing that a particular domain has a folder with 777 permissions, to upload files there without using accounts, and since the guest upload files there?
The maximum that we can do with the rights to the folder is to set 666 (read / write).
While writing, I realized that they could upload files to the server through the site’s admin panel if it was hacked, but still I would like to clarify for myself how files can get to the server in order to protect themselves and others would be helpful.

Answer the question

In order to leave comments, you need to log in

1 answer(s)
D
Dinar Garipov, 2013-11-20
@DPechurkin

http://tomolivercv.wordpress.com/2011/07/24/protect-your-uploads-folder-with-htaccess/
Here is an interesting article. :)
5 minutes ago I was looking for a solution myself. :)

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question