We have repeatedly had clients hacked through the /images folder via PHP script attacks.
These come in a multitude of guises, the latest being a .gif file. They usually work by evaluating a specially crafted URL; some of the cleverer ones also compress the malicious code to keep the URL shorter.
This can prove problematic if you try to limit scripting, as it is not always the same file extensions within the folder, so we looked into a different solution and came up with the following:
This solution only works on 'nix distros
- Create a .htaccess file within the root images folder or amend it if it already exists
- Add the following line:
Code:
php_flag engine off
For IIS on Windows, the corresponding web.config placed in the images folder removes the PHP handler for that folder (the handler name must match the one registered on your server):
Code:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <handlers>
      <remove name="PHP 5" />
    </handlers>
  </system.webServer>
</configuration>
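Disabling the engine stops the uploaded file from running, but it does not tell you whether such a file is already sitting in the folder. The scanner below is an added example (not from the original post) that walks an images directory and flags two things an image folder should never contain: a PHP open tag anywhere in the file, and a file whose leading bytes do not match the image type its extension claims (the ".gif that is really PHP" case described above). The sample files it builds are constructed for the demonstration.

```python
"""Scan an images/upload directory for files that carry PHP code.

Added example, not from the original post. Any PHP the server could
execute needs an open tag in the file, so the scan looks for that tag
and for extension/content mismatches. It complements, and does not
replace, disabling PHP execution in the folder.
"""
import os
import re
import tempfile

# Leading bytes (real format signatures) of the common web image types.
MAGIC = {
    ".gif": (b"GIF87a", b"GIF89a"),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
}

# PHP open tags. The bare "<?" form would also match an XML declaration,
# so only "<?php" and the "<?=" echo form are matched.
PHP_TAG = re.compile(rb"<\?(php\b|=)", re.IGNORECASE)


def scan_file(path):
    """Return a list of findings for one file; an empty list means clean."""
    findings = []
    with open(path, "rb") as fh:
        data = fh.read()
    ext = os.path.splitext(path)[1].lower()
    if ext in MAGIC and not data.startswith(MAGIC[ext]):
        findings.append("magic bytes do not match %s extension" % ext)
    if PHP_TAG.search(data):
        findings.append("contains PHP open tag")
    return findings


def scan_dir(root):
    """Walk root and return {relative_path: [findings]} for suspicious files."""
    results = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            findings = scan_file(full)
            if findings:
                results[os.path.relpath(full, root)] = findings
    return results


def demo():
    """Build a constructed images folder (one clean file, three bad) and scan it."""
    root = tempfile.mkdtemp(prefix="images_")
    # Clean GIF header plus padding (constructed sample).
    with open(os.path.join(root, "logo.gif"), "wb") as fh:
        fh.write(b"GIF89a" + b"\x00" * 32)
    # A valid-looking GIF header followed by PHP (constructed sample).
    with open(os.path.join(root, "banner.gif"), "wb") as fh:
        fh.write(b"GIF89a\x00<?php echo 'constructed sample'; ?>")
    # A plain PHP file left in the folder (constructed sample).
    with open(os.path.join(root, "thumb.php"), "wb") as fh:
        fh.write(b"<?php echo 'constructed sample'; ?>")
    # A PNG renamed to .jpg (constructed sample): mismatch, no PHP.
    with open(os.path.join(root, "photo.jpg"), "wb") as fh:
        fh.write(b"\x89PNG\r\n\x1a\n" + b"\x00" * 16)
    return scan_dir(root)


if __name__ == "__main__":
    for path, findings in sorted(demo().items()):
        print(path, "->", "; ".join(findings))
```

Point `scan_dir()` at the real images folder instead of the constructed one to review an existing site; any file reported should be examined before the PHP engine is switched off, since the hardening only prevents future execution.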