[ALUG] Stopping Apache running scripts from writeable directories
iDunno at sommitrealweird.co.uk
Tue Oct 2 15:11:04 BST 2007
On Tue, Oct 02, 2007 at 02:44:02PM +0100, Mark Rogers wrote:
> Is it possible to prevent Apache from running a script from a writeable
> It's common these days to have some writeable directories with (for
> example) CMS packages like Joomla, which use them for uploaded images
> etc. However I have a server that's been exploited through a badly
> written plugin which used the normal upload mechanism to upload the
> script, then ran the script directly via an HTTP request to the uploaded
> file. That script was used to send spam, so despite the limited write
> permissions it was restricted to it was still able to do a lot of harm.
Can I make the simple assumption that in this case, by "script" you mean
a chunk of php? If it was a "real" script then ExecCGI would have needed
to be turned on, and it'd have needed to be marked as executable... so
I'm fairly confident that it won't have been that...
Anyways - what you want is...
RemoveType .php .phtml .php3 .phps
That should do it.
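
An added example, not part of the original post: the RemoveType line from the reply placed in a <Directory> block for the writeable directory, with the matching mod_mime and mod_php directives for servers that map PHP some other way than AddType. The directory path and the php5_module identifier are assumptions.

```apache
# Added example. /var/www/example/images is a hypothetical upload directory.
<Directory "/var/www/example/images">
    # Drop extension-to-type mappings made with AddType
    # (the directive given in the reply).
    RemoveType .php .phtml .php3 .phps

    # Drop mappings made with AddHandler, which RemoveType does not touch.
    RemoveHandler .php .phtml .php3 .phps

    # Keep CGI execution off in this directory as well.
    Options -ExecCGI

    # Ignore .htaccess files here, so an uploaded .htaccess
    # cannot add the mappings back.
    AllowOverride None

    # If mod_php is loaded, switch the interpreter off for this directory.
    # The module identifier depends on the PHP version (assumed: php5_module).
    <IfModule php5_module>
        php_admin_flag engine off
    </IfModule>
</Directory>
```

Run "apachectl configtest" before reloading to catch syntax errors in the block.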