jorgeeurolynx
asked on
Upload files in my web server have been erased by hacker
Hi.
I have a web server where my users upload files via the POST method in PHP.
The upload directory has file permissions 777, because if not they upload files.
Well, a month ago, a hacker accessed this directory, and he erased all files with 777 permissions.
How do I configure this directory for anyone can erase these files?
Thanks
In fact, do watch out for 2 common attacks that lead to indirect upload attempts. They are Remote File Inclusion (RFI) and Local File Inclusion attacks. Never use arbitrary input data in a literal file include request. Always good to verify with a web scanner against the site to sieve out any gaps, as attacks can come in if there are any holes and then upload a web shell.
https://www.owasp.org/index.php/File_System#Includes_and_Remote_files
For interest, there is a PHP shell detector as well - http://www.emposha.com/security/php-shell-detector-web-shell-detection-tool.html
The PHP app should be written in such a manner that misuse is not possible.
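
An added example, not code from the thread or from any poster: one way a PHP upload handler can be written so the upload directory does not need 777 and user input never reaches a file path or an include. The directory path, the allowlist and the page names are assumptions; the directory is assumed to sit outside the document root, owned by the web server user with mode 0750.

```php
<?php
declare(strict_types=1);

// Assumed layout: uploads are stored outside the document root, in a
// directory owned by the web server user with mode 0750 (not 0777).
const UPLOAD_DIR = '/var/www/private_uploads';   // hypothetical path
const UPLOAD_ALLOWED = [                         // extension => expected MIME type
    'jpg' => 'image/jpeg',
    'png' => 'image/png',
    'pdf' => 'application/pdf',
];

function store_upload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    // Only accept a file that PHP itself received through HTTP POST.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }
    // The client file name is used only to read the extension, never as a path.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, UPLOAD_ALLOWED)) {
        throw new RuntimeException('file type not allowed');
    }
    // Check the content itself, not the client-supplied Content-Type header.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== UPLOAD_ALLOWED[$ext]) {
        throw new RuntimeException('content does not match extension');
    }
    // Server-generated name: no user input reaches the file system path.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = UPLOAD_DIR . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0640);   // not executable, not world-writable
    return $name;
}

// Include rule: request input selects a key, the file name comes from a fixed map.
function page_file(string $page): string
{
    $pages = ['home' => 'home.php', 'upload' => 'upload_form.php']; // hypothetical pages
    return __DIR__ . '/pages/' . ($pages[$page] ?? 'home.php');
}
```

Call `store_upload($_FILES['userfile'])` from the POST handler (the field name `userfile` is an assumption) and serve stored files through a script that reads them, so nothing in the upload directory is ever executed by the web server.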