<div>
Then again, if the php engine CAN access files, then a user through php can access those files.<br />
the php app should be writen in such a manner that misuse is not possible.
</div>


Then again, if the php engine CAN access files, then a user through php can access those files.
the php app should be writen in such a manner that misuse is not possible.

<div>
in fact, do watch out for 2 common attacks that leads to indirect upload attempts. They are Remote File Inclusion (RFI) and Local File Inclusion attacks. Never use arbitrary input data in a literal file include request. Always good to verify with a web scanner against the site to sieve out any gaps as attacks can come in if there are any holes and then upload web shell<br />
<a href="https://www.owasp.org/index.php/File_System#Includes_and_Remote_files" rel="ugc">https://www.owasp.org/index.php/File_System#Includes_and_Remote_files</a><br />
<br />
for interest there is a php shell detector as well - <a href="http://www.emposha.com/security/php-shell-detector-web-shell-detection-tool.html" rel="ugc">http://www.emposha.com/security/php-shell-detector-web-shell-detection-tool.html</a>
</div>


in fact, do watch out for 2 common attacks that leads to indirect upload attempts. They are Remote File Inclusion (RFI) and Local File Inclusion attacks. Never use arbitrary input data in a literal file include request. Always good to verify with a web scanner against the site to sieve out any gaps as attacks can come in if there are any holes and then upload web shell
https://www.owasp.org/index.php/File_System#Includes_and_Remote_files [https://www.owasp.org/index.php/File_System#Includes_and_Remote_files]

for interest there is a php shell detector as well - http://www.emposha.com/security/php-shell-detector-web-shell-detection-tool.html [http://www.emposha.com/security/php-shell-detector-web-shell-detection-tool.html]

<div>
<div class="content wysiwyg-content">
Hi.<br />
<br />
I have a web server where my users upload files via POST Method in Php<br />
<br />
The upload directory &nbsp;have file permisions &nbsp;777, because if not they upload files.<br />
<br />
Well, a month ago, a hacker accessed to this directory, and he erased all files with 777 permisions<br />
<br />
How do I configure this directory for anyone can erase this files?<br />
<br />
Thanks
</div>
</div>


Hi.

I have a web server where my users upload files via POST Method in Php

The upload directory  have file permisions  777, because if not they upload files.

Well, a month ago, a hacker accessed to this directory, and he erased all files with 777 permisions

How do I configure this directory for anyone can erase this files?

Thanks

Upload files in my web server have been erased by hacker

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.

Vulnerabilities

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.