No announcement yet.

File uploads php.ini - injections php files

  • Filter
  • Time
  • Show
Clear All
new posts

  • File uploads php.ini - injections php files

    hi we have a problem which is common to all of us. We use CXS which is great, but many scripts not being viruses/neither exploits like php mailer scripts can be injected, which cause that account is hacked to do spams, this has happened 2 times in 1 week on user accounts... We dont even talk of other php files types which are not detected and are component of site attacks... Function file_uploads is ON and necessary as it for owners of shop/sites like wordpress/websites, we search for a way to put it OFF only PHP files, and it seems taht even recent PHP versions are pretty not innovative on this, this flaw is major and increasing We use nginx as proxy, and we have already common ruleset against various injections, but what we search for must be implemented at php.ini level. Neitehr we dont want to hear of mod security, neither antivirus solutions like maldet or ai-bolit ( Could cloudlinux make a miracle with alt-php versions having selective uploads allowed/forbidden ? because this would make a real hardened and exclusive PHP versions