The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#1
|
|||
|
|||
How to disallow files execution in upload directories?
Hello,
one member adviced me that "You need especially to disallow execution of any files in your upload directories (avatars, profile pics, etc.)" because my site got hacked, some script files modiffied by malware redirect. So i want to ask how i can achieve this? I know how to chmod directory, but in the upload directories are added new files as time goes, and how to automatically change their permissions, or how tis meant? attachments/ customavatars/ customgroupicons/ customprofilepics/ signaturepics/ What is proper above folders permission? 777 not? thanks for advice |
#2
|
|||
|
|||
Those folders need to have 777 (0777) permissions so that your members can upload image files or document/PDF files to those directories.
What you need to do is, as you suggest, disallow any executable files from being run from those directories. For those directories ONLY, create an .htaccess file with these lines as content (or add them to the top of the existing .htaccess file): Code:
Options +FollowSymLinks Options All -Indexes <Files ~ "\.(php\d*|cgi|pl|phtml)$"> order allow,deny deny from all </Files> |
Благодарность от: | ||
postcd |
Thread Tools | |
Display Modes | |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|