Burglary protection
choodo, 2015-09-27 10:21:20

How to protect site directories from POST?

How to prohibit uploading files to a directory via POST?
Example:

173.201.196.119 - - [27/Sep/2015:08:50:49 +0300] "POST /js/graphics/outlines/gallery.php HTTP/1.0" 200 128 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.48 Safari/537.36"


2 answer(s)
metajiji, 2015-09-27
@choodo

If there are doubts about the engine or what you are using there, and there is no way to edit the code, then you can take simple measures:
1. Put chmod 755 on directories and 644 on files, and if there are directories for downloads, then 777 only there.
2. Spend a little time and make a list of all php scripts that are called directly, and in the nginx config allow these locations to be processed as php scripts, and give 403 to all other php locations.
trying to call any php script from there (after all, there can only be pictures / files, but not php files in any way).
I did this in several places (Joomla 1.2 was installed there) and the attackers' interest in such a site sharply decreased.
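
One way to write the nginx allowlist described in the answer above, as an added example that is not part of the original answer. The server name, document root, PHP-FPM socket path and the two allowlisted entry points are assumptions; replace them with the list built for the actual site.

```nginx
# Added example: allowlist of directly callable PHP scripts, 403 for every other .php path.
# All names and paths below are assumptions, not taken from the original post.
server {
    listen 80;
    server_name example.com;            # assumed
    root /var/www/site;                 # assumed document root
    index index.php;

    # Allowlisted entry points. Exact-match locations are chosen before any
    # regex location, so only these two paths ever reach the PHP interpreter.
    location = /index.php {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php-fpm.sock;   # assumed socket path
    }

    location = /administrator/index.php {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php-fpm.sock;   # assumed socket path
    }

    # Every other PHP path is refused, whatever the method (GET or POST).
    # "(/|$)" also covers path-info forms such as /x.php/anything.
    # A request like the one in the question,
    #   POST /js/graphics/outlines/gallery.php
    # matches here and gets 403 instead of being executed.
    location ~* \.php(/|$) {
        return 403;
    }

    # Static files and pretty URLs; the fallback is an internal redirect to
    # /index.php, which is handled by the exact-match location above.
    location / {
        try_files $uri $uri/ /index.php?$args;
    }
}
```

Check the result with `nginx -t` before reloading, then confirm that a request for a non-allowlisted `.php` path returns 403 and shows up with that status in the access log.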

Nazar Mokrinsky, 2015-09-27
@nazarpc

You don't need to protect them from POST requests.
And you can upload files in other ways.
Fix the code if the files really are being uploaded (that is, patch your hole); the directory is not to blame for anything.
If the files are not loading, then what is the problem?
