PDA

View Full Version : How to secure /cache folder agains malicious scripts?



Fli
03-04-2014, 03:40 PM
Hi, my phpbb forum repeatedly got hacked by injecting some code or file into /cache folder
So i want to ask how i can prevent this to happen? Any handy .htaccess rules? Thank you


My finds:
If you are sure your cache folder will NOT contain any .php files, you may turn all phps into readable text (so harmless)

RemoveHandler .php .phtml .php3
RemoveType .php .phtml .php3
php_flag engine off

----

Deny access to the folder to all except localhost (hosting server):


<Directory />
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
</Directory>

Deny access to all files:


<Files *>
Order Allow,Deny
Deny from All
</Files>