As most of you already know, chmod 777 would give writing / executing rights for everyone `on *nix servers`, it is mostly used in upload scripts / galleries / logs..
Well, you can protect that folder, from being used as a lab for Mr Hacker..
Simple way of doing it is, using a .htaccess, and turning the PHP engine off on that folder and disallowing html / pl / php files.. here is how:
Create a new file, called .htaccess, in it:
php_flag engine off
<Files ~ "\.(php*|s?p?html|cgi|pl)$">
deny from all
</Files>
that's it, now the `hacker` cannot use this folder as a place for PHP shells / scripts or backdooring tools `mostly are perl scripts`...
Protecting 777 chmodded folders
-
bad_brain
- Site Owner
- Posts: 11636
- Joined: 06 Apr 2005, 16:00
- 19
- Location: In your eye floaters.
- Contact:
good one...additionally setting the sticky bit for the directory permissions would also be good, the sticky bit allows only the owner of the files in the directory (or the root user) to rename/delete them.
http://en.wikipedia.org/wiki/Sticky_bit
http://en.wikipedia.org/wiki/Sticky_bit
-
n3rd
- Staff Member
- Posts: 1474
- Joined: 15 Nov 2005, 17:00
- 18
- Location: my own perfect world in ma head :)
- Contact:
ht access is only to deny modification to those pages from a remote location.
it can still be viewed.
taken from wikipedia:
.htaccess files are often used to specify the security restrictions for the particular directory,
it can still be viewed.
taken from wikipedia:
.htaccess files are often used to specify the security restrictions for the particular directory,
Last edited by n3rd on 04 Jan 2008, 09:13, edited 1 time in total.
[img]http://img580.imageshack.us/img580/8009/userbar2k.png[/img]