vb.org Archive


postcd 01-08-2014 08:11 AM

How to disallow files execution in upload directories?
 
Hello,

One member advised me that "You need especially to disallow execution of any files in your upload directories (avatars, profile pics, etc.)"
because my site got hacked; some script files were modified by a malware redirect.

So I want to ask how I can achieve this? I know how to chmod a directory, but new files are added to the upload directories as time goes on, so how do I automatically change their permissions, or how is this meant?

attachments/
customavatars/
customgroupicons/
customprofilepics/
signaturepics/

What is the proper permission for the above folders? 777, no? Thanks for any advice.

djbaxter 01-13-2014 02:26 AM

Those folders need to have 777 (0777) permissions so that your members can upload image files or document/PDF files to those directories.

What you need to do is, as you suggest, disallow any executable files from being run from those directories.

For those directories ONLY, create an .htaccess file with these lines as content (or add them to the top of the existing .htaccess file):

Code:

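# Allow symlinks, disable directory listings. The +/- flags are kept on one
# line: Apache 2.4 rejects "Options All -Indexes" (mixing prefixed and
# unprefixed options).
Options +FollowSymLinks -Indexes

# Refuse to serve script-type files from this directory.
<Files ~ "\.(php\d*|cgi|pl|phtml)$">
order allow,deny
deny from all
</Files>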
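
An audit to go with the rule above, as an added example that is not part of the original thread: it checks each upload directory listed in the question for a missing .htaccess or deny rule and for script-type files already sitting there. The forum root passed as the first argument and the output labels are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): audit vBulletin upload directories.
# Directory names and the extension list come from the posts above; the
# forum root given as $1 and the report labels are assumptions.

UPLOAD_DIRS="attachments customavatars customgroupicons customprofilepics signaturepics"

# Same extensions as the <Files> rule, matched case-insensitively so that
# names such as x.PHP5 are reported too.
SCRIPT_RE='\.(php[0-9]*|cgi|pl|phtml)$'

# Either the 2.2-style rule from the thread or the Apache 2.4 equivalent.
DENY_RE='deny from all|require all denied'

audit_uploads() {
    root=$1
    for d in $UPLOAD_DIRS; do
        dir="$root/$d"
        [ -d "$dir" ] || continue

        # 1. Each upload directory needs its own .htaccess with a deny rule.
        if [ ! -f "$dir/.htaccess" ]; then
            echo "MISSING_HTACCESS $dir"
        elif ! grep -Eqi "$DENY_RE" "$dir/.htaccess"; then
            echo "NO_DENY_RULE $dir/.htaccess"
        fi

        # 2. Script-type files have no business in an upload directory,
        #    including in subdirectories created by the forum software.
        find "$dir" -type f | grep -Ei "$SCRIPT_RE" | sed 's/^/SCRIPT_FILE /'
    done
}

# Run the audit when a forum root is given: ./audit.sh /path/to/forum
if [ "$#" -gt 0 ]; then
    audit_uploads "$1"
fi
```

Any SCRIPT_FILE line on a site that has already been compromised deserves a manual look before the file is deleted, since it may show how the attacker got in.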


