Fli
06-25-2014, 12:49 PM
Hello,
how one can prevent adding malicious scripts to its website.
I mean to my website was injected .php file shell which can create files and such actions. It can even make denial of service, spam and such
so i want to ask how to prevent these scripts be executed or injected?
So far may help creating .htaccess in certain vulnerable folders like /upload /cache and adding:
# disallow php execution
<files *.php>
Deny from all
</files>
If .php execution should be disable everywhere except document root and one subdomain directory, one can try putting this into .htaccess (changing path first in code):
RewriteEngine on
RewriteCond %{REQUEST_URI} !^/subdomains/subdomain
RewriteRule (.*)/(.*).php - [F]
Update: another thing is to remove writing permission on all website directories
how one can prevent adding malicious scripts to its website.
I mean to my website was injected .php file shell which can create files and such actions. It can even make denial of service, spam and such
so i want to ask how to prevent these scripts be executed or injected?
So far may help creating .htaccess in certain vulnerable folders like /upload /cache and adding:
# disallow php execution
<files *.php>
Deny from all
</files>
If .php execution should be disable everywhere except document root and one subdomain directory, one can try putting this into .htaccess (changing path first in code):
RewriteEngine on
RewriteCond %{REQUEST_URI} !^/subdomains/subdomain
RewriteRule (.*)/(.*).php - [F]
Update: another thing is to remove writing permission on all website directories