Preventing File Types - Page 2
 


Started by keith10456, March 19, 2006, 12:52:49 AM


Nibbler

Read the link I gave you earlier. That contains code to stop .rar files being treated as PHP scripts by Apache.

keith10456

Got... Sent it to my host.

Many thanks!

Joachim Müller

Ask your webhost to fix his server - the attacker used a vulnerability that exists on Apache webserver setups that aren't hardened against such attacks. Regular servers aren't meant to parse files with the extension ".rar" with the PHP processor. Your server is configured improperly - it doesn't treat ".rar" files as document files, but parses PHP included in them. By not allowing the upload of .rar files using Coppermine, you just keep future attackers from exploiting the server setup glitch. However, you haven't cured the webserver itself. The attacker might have used the security flaw to create backdoors on your server that allow him to enter later (even after having fixed everything), so it's mandatory to scan the server for those backdoors as suggested. It's mandatory as well that your webhost fixes the server setup vulnerability. Contact them ASAP, asking them to do as advised here. You're welcome to make your webhost visit this thread and the other one Nibbler referred to - they should know what to do then. I'm convinced they will, as the said vulnerability will not only have an impact on your domain, but on the accounts of other website owners who are hosted on the same server.
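
One way to run the scan for planted files that the last post calls for, as an added example that is not code from this thread or from Coppermine: it walks an upload directory and flags .rar files that lack the RAR signature or contain a PHP opening tag. The directory name, file names and sample contents are constructed for the example, and checking only the long `<?php` tag is an assumption made to avoid false hits in compressed data.

```python
import os
import re
import tempfile

# Every genuine RAR archive (v4 and v5) starts with these six bytes.
RAR_MAGIC = b"Rar!\x1a\x07"
# Assumption: only the long tag is matched; short tags would produce
# random hits inside compressed archive data.
PHP_TAG = re.compile(rb"<\?php", re.IGNORECASE)


def inspect_rar(path, max_bytes=5 * 1024 * 1024):
    """Return the reasons a file named *.rar looks suspicious (may be empty)."""
    with open(path, "rb") as fh:
        data = fh.read(max_bytes)
    reasons = []
    if not data.startswith(RAR_MAGIC):
        reasons.append("no RAR signature")
    if PHP_TAG.search(data):
        reasons.append("contains PHP open tag")
    return reasons


def scan_uploads(root):
    """Walk root and map each flagged *.rar file (relative path) to its reasons."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".rar"):
                full = os.path.join(dirpath, name)
                reasons = inspect_rar(full)
                if reasons:
                    findings[os.path.relpath(full, root)] = reasons
    return findings


def demo():
    """Scan a temporary tree of constructed sample files (hypothetical names)."""
    samples = {
        "holiday.rar": RAR_MAGIC + b"\x00" + b"\x8f" * 64,   # plausible archive
        "tool.rar": b"<?php echo 'constructed sample'; ?>",   # script, renamed
        "mixed.rar": RAR_MAGIC + b"\x00xx<?PHP /* constructed */ ?>",
    }
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "uploads"))
        for name, content in samples.items():
            with open(os.path.join(root, "uploads", name), "wb") as fh:
                fh.write(content)
        return scan_uploads(root)


if __name__ == "__main__":
    for path, reasons in sorted(demo().items()):
        print(f"{path}: {', '.join(reasons)}")
```

A clean result from this check does not clear the server: it only covers .rar uploads, so files of other types and any changes the attacker made outside the upload directory need their own review.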