Disable PHP on a folder
A web site had a vulnerability that allowed a hacker to upload a backdoor script to the “uploads” folder used by the script.
As a quick fix, I disabled PHP execution in the “uploads” folder. Doing this for any site is a good idea, even if your site is not vulnerable at the moment.
Method 1
To disable PHP execution, create a file with name .htaccess

    vi .htaccess

Add

    php_flag engine off
Method 2
In .htaccess, add

    # The rewrite engine must be on for the rule to be evaluated
    RewriteEngine On
    RewriteRule ^.*\.php$ - [F,L]
Only Allow specific PHP files
Only index.php is allowed. Any other PHP script will result in a 403 error.
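
    <FilesMatch ".*\.(phtml|php|PhP|php5)$">
    Order Allow,Deny
    Deny from all
    </FilesMatch>
    # Anchored, with the dot escaped, so that only a file named
    # exactly index.php matches (not, for example, oldindex.php)
    <FilesMatch "^index\.php$">
    Order Allow,Deny
    Allow from all
    </FilesMatch>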
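
The following is an added example, not part of the original post: a small Python model of how a deny section followed by an allow section combine, showing why the allow pattern needs to be anchored (an unanchored `(index).php$` also matches any name that ends in index.php). The rule lists, the case-insensitive `(?i)` variant, the file names and the function names are assumptions made for this illustration.

```python
import re

# Deny/allow pair whose allow pattern is unanchored and has an unescaped dot.
UNANCHORED_RULES = [
    (r".*\.(phtml|php|PhP|php5)$", "deny"),
    (r"(index).php$", "allow"),
]

# Hardened pair (assumption of this example): case-insensitive deny,
# allow pattern anchored to the exact name index.php.
HARDENED_RULES = [
    (r"(?i)\.(phtml|php|php5)$", "deny"),
    (r"^index\.php$", "allow"),
]


def verdict(rules, path):
    """Return 'allow' or 'deny' for a request path.

    <FilesMatch> tests the regex against the file's base name, unanchored,
    and when several sections match, the later section's access rules win.
    A file matching no section keeps the directory default, modelled here
    as 'allow' (assumption: the folder itself is publicly readable).
    """
    name = path.rsplit("/", 1)[-1]
    result = "allow"
    for pattern, action in rules:
        if re.search(pattern, name):
            result = action
    return result


def audit(rules, names):
    """Map each file name to its verdict under the given rule list."""
    return {name: verdict(rules, name) for name in names}


if __name__ == "__main__":
    # Constructed file names, for illustration only.
    sample = ["index.php", "photo.jpg", "upload.php", "oldindex.php", "UPLOAD.PHP"]
    for label, rules in (("unanchored", UNANCHORED_RULES), ("hardened", HARDENED_RULES)):
        print(label)
        for name, result in audit(rules, sample).items():
            print(f"  {name:14} {result}")
```

Whether a file that is served is also executed as PHP depends on the server's handler mapping; the model only covers the access decision.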
See htaccess