Hi, my phpbb forum repeatedly got hacked by injecting some code or file into /cache folder
So i want to ask how i can prevent this to happen? Any handy .htaccess rules? Thank you
My finds:
If you are sure your cache folder will NOT contain any .php files, you may turn all phps into readable text (so harmless)
----RemoveHandler .php .phtml .php3
RemoveType .php .phtml .php3
php_flag engine off
Deny access to the folder to all except localhost (hosting server):
Deny access to all files:<Directory />
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
</Directory>
<Files *>
Order Allow,Deny
Deny from All
</Files>
Bookmarks