A web site had a vulnerability that allowed a hacker to upload a backdoor script to the “uploads” folder used by the script.
As a quick fix, I disabled PHP execution in the “uploads” folder. Doing this for any site is a good idea, even if your site is not vulnerable at the moment.
Method 1
To disable PHP execution, create a file named .htaccess in the “uploads” folder
vi .htaccess
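Add the following line. The php_flag directive is only recognized when PHP runs as an Apache module (mod_php).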
php_flag engine off
Method 2
In .htaccess, add
RewriteEngine On
RewriteRule ^.*\.php$ - [F,L]
Only Allow Specific PHP Files
Only index.php is allowed. Any other PHP script will result in a 403 error.
<Files *.php>
Order Allow,Deny
Deny from all
</Files>
<Files index.php>
Order Allow,Deny
Allow from all
</Files>
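An added example (not from the original post): a shell script that audits every “uploads” folder under a web root for an active Method 1 or Method 2 directive and counts the PHP files already sitting there. The function names, site names and sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit every "uploads" folder under a web root.

# Succeeds if $1/.htaccess has an active (uncommented) PHP-blocking directive.
htaccess_blocks_php() {
    f="$1/.htaccess"
    [ -f "$f" ] || return 1
    # Method 1: php_flag engine off
    grep -Eiq '^[[:space:]]*php_flag[[:space:]]+engine[[:space:]]+off' "$f" && return 0
    # Method 2: RewriteRule on .php carrying the F (forbidden) flag
    grep -Eiq '^[[:space:]]*RewriteRule[[:space:]].*php.*\[([^]]*,)?F[],]' "$f" && return 0
    return 1
}

# Prints one line per uploads folder: STATUS PATH php_files=N
audit_uploads() {
    find "$1" -type d -name uploads | sort | while IFS= read -r d; do
        if htaccess_blocks_php "$d"; then s=PROTECTED; else s=UNPROTECTED; fi
        n=$(find "$d" -type f -name '*.[pP][hH][pP]' | wc -l | tr -d ' ')
        printf '%s %s php_files=%s\n' "$s" "$d" "$n"
    done
}

# Constructed sample tree (hypothetical site names), used when no path is given.
make_sample() {
    t=$(mktemp -d)
    mkdir -p "$t/site1/uploads" "$t/site2/uploads" "$t/site3/uploads"
    printf 'php_flag engine off\n' > "$t/site1/uploads/.htaccess"
    printf '# php_flag engine off\n' > "$t/site2/uploads/.htaccess"
    : > "$t/site2/uploads/leftover.php"
    printf 'RewriteEngine On\nRewriteRule ^.*\\.php$ - [F,L]\n' > "$t/site3/uploads/.htaccess"
    echo "$t"
}

if [ "$#" -gt 0 ]; then
    audit_uploads "$1"
else
    sample=$(make_sample); audit_uploads "$sample"; rm -rf "$sample"
fi
```

A PROTECTED result only means the directive is present in the file; it takes effect only if the server honors .htaccess for that directory (AllowOverride). Any folder reporting php_files greater than 0 deserves a manual look regardless of status.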
See htaccess