A common hack we see these days involves PHP scripts being used to upload malware to your site via your images or uploads folder and then run it. You can protect your site against such attacks by adding a .htaccess file to your images/uploads folders.
Simply put the following code in your .htaccess file:
RemoveType .php
RemoveHandler .php
This will tell our servers not to allow PHP to run in that folder. This is ideal if it's a folder for images only or non-PHP pages. Sadly, you cannot use this in folders where PHP files need to run.
Please note: If you are using our phpfastcgi you will also need to add:
AddHandler text/plain .php
This tells the server to override phpfastcgi and treat .php as text (will not process it).
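To confirm the protection is in place, the following added example (not part of the original article or the host's own tooling) audits a folder: it reports which of the two directives are missing from the folder's .htaccess and lists any .php files already sitting there. The function names are hypothetical, and it only matches the directives in the form shown above; the phpfastcgi line is not checked.

```shell
#!/bin/sh
# Added example: audit an images/uploads folder for the .htaccess protection
# described in this article. Function names are illustrative.
# Usage (after sourcing this file): audit_upload_dir /path/to/site/images

# htaccess_has DIR DIRECTIVE
# Succeeds if DIR/.htaccess has an uncommented "<DIRECTIVE> ... .php" line.
# Apache directive names are case-insensitive, hence grep -i.
htaccess_has() {
    grep -Eiq "^[[:space:]]*${2}[[:space:]]+(.*[[:space:]])?\.php([[:space:]]|\$)" \
        "$1/.htaccess" 2>/dev/null
}

# missing_directives DIR
# Prints each of the two directives that DIR/.htaccess lacks, one per line.
# A missing or unreadable .htaccess counts as both directives missing.
missing_directives() {
    for d in RemoveType RemoveHandler; do
        htaccess_has "$1" "$d" || echo "$d"
    done
}

# php_files_in DIR
# Lists .php files (any letter case) already present in a folder that is
# meant to hold images or uploads only.
php_files_in() {
    find "$1" -type f -iname '*.php' | sort
}

# audit_upload_dir DIR
# Prints findings; returns 0 only when both directives are present
# and no .php file was found under DIR.
audit_upload_dir() {
    rc=0
    missing=$(missing_directives "$1")
    found=$(php_files_in "$1")
    for d in $missing; do
        echo "MISSING: '$d .php' in $1/.htaccess"
        rc=1
    done
    if [ -n "$found" ]; then
        printf '%s\n' "$found" | sed 's/^/PHP FILE: /'
        rc=1
    fi
    return $rc
}
```

A non-zero return means the folder needs attention: either add the missing lines to its .htaccess or review the listed files.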
Tuesday, January 18, 2011 10:22 AM