
PHP - Protecting site from folders with 777 permissions

开发者 https://www.devze.com 2022-12-21 02:06 Source: web

Usually, I try to set my folders to have permission 775, but some web-hosting refuses to let PHP write or move files to any folders unless it has permission 777 (it may be open_dir or safe mode).

Are there any ways to prevent any PHP files from being run from such folders, in case a malicious PHP script has been uploaded there?


Folders with 777 permissions are inexcusably dangerous. Find a different web host.

Actually, find a different host if your host does NOT require 777 for it to be writeable. In truth, if PHP scripts can write to a folder that is 755 (suexec, suPHP), that's effectively the same as having ALL folders 777. So what you want, for security, is a host who requires 777 in order to make the folder writeable.

Think about it this way - almost all folders are 755 by default. If scripts can write to 755 folders, that means any script can write to any folder!

If scripts can write only to 777 folders, that means they can only write to the folders they are supposed to. If you're going to allow writes to all directories, they may as well ALL be 777, so that's what's inexcusably dangerous.

Just the opinion of one licensed security professional with fifteen years of experience.


Are there any ways to prevent any PHP files from being run from such folders, in case a malicious PHP script has been uploaded there?

You could disable PHP for that directory. See this answer.


Ray's comment doesn't make sense. A licensed security professional? Scripts that are created by owner should be able to write to 755 folders! See http://www.zzee.com/solutions/linux-permissions.shtml too!

And the answer to the original question... It's easy: using php_value auto_prepend_file within .htaccess will do it. Just create a simple script that terminates [die() function], define it within .htaccess; each PHP script called from such a directory will not be executed. You can even configure that "kill" script to email you each time something suspicious happens (when something is trying to call PHP scripts from the "protected" directory).


Disable Script Execution: you can also try to disable script execution on the upload folder where all the files go. You can do this by writing a .htaccess file in the folder.

AddHandler cgi-script .php .php3 .php4 .phtml .pl .py .jsp .asp .htm .shtml .sh .cgi

Options -ExecCGI

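As an added example (not part of this thread and not code from any of its posters), here is a small POSIX shell audit-and-harden script for the situation the question describes: it walks a web root, lists every world-writable directory whose .htaccess does not already carry one of the execution-blocking directives mentioned above (Options -ExecCGI, the auto_prepend_file kill-script trick, or php_flag engine off), and can drop a protective .htaccess into each. It assumes Apache with AllowOverride enabled for the web root and either mod_php (which honours php_flag) or a CGI handler for PHP (which -ExecCGI covers); the regex, the chosen directives and the sample directory names in the usage comment are this example's own choices.

```shell
#!/bin/sh
# Added example: audit a web root for 777 (world-writable) directories that
# lack an execution-blocking .htaccess, and optionally write one.
# Assumptions: Apache with AllowOverride, mod_php or a CGI PHP handler.

# Directives written into the protective .htaccess:
#  - php_flag engine off   : mod_php stops interpreting PHP in this tree
#  - Options -ExecCGI      : CGI-handled scripts are no longer executed
#  - FilesMatch deny       : script sources are not even served as text
HARDEN_HTACCESS='php_flag engine off
Options -ExecCGI -Indexes
<FilesMatch "\.(php|phtml|php[0-9]|pl|py|cgi|sh)$">
    Require all denied
</FilesMatch>'

# Succeeds (returns 0) when $1 is a world-writable directory whose .htaccess
# does not already contain a recognised execution-blocking directive.
is_unprotected_dir() {
    dir=$1
    [ -d "$dir" ] || return 1
    # Not world-writable: nothing to report.
    find "$dir" -maxdepth 0 -type d -perm -0002 | grep -q . || return 1
    ht="$dir/.htaccess"
    [ -f "$ht" ] || return 0
    # Any of these directives counts as "already protected".
    grep -Eq 'php_flag[[:space:]]+engine[[:space:]]+off|Options[^#]*-ExecCGI|auto_prepend_file' "$ht" && return 1
    return 0
}

# Print every unprotected world-writable directory under $1, one per line.
list_unprotected() {
    root=$1
    find "$root" -type d -perm -0002 | while IFS= read -r d; do
        if is_unprotected_dir "$d"; then
            printf '%s\n' "$d"
        fi
    done
}

# Write the protective .htaccess into $1; refuses to clobber an existing one.
harden_dir() {
    dir=$1
    if [ -e "$dir/.htaccess" ]; then
        printf 'refusing to overwrite %s/.htaccess\n' "$dir" >&2
        return 1
    fi
    printf '%s\n' "$HARDEN_HTACCESS" > "$dir/.htaccess"
    # 644 keeps the web server user from editing the file, but because the
    # directory itself is 777 it can still be unlinked or replaced; see the
    # note below on moving these directives into the server config.
    chmod 644 "$dir/.htaccess"
}

# Usage (hypothetical paths):
#   sh harden.sh /var/www/html          report only
#   sh harden.sh /var/www/html --fix    report, then harden each directory
if [ $# -gt 0 ]; then
    list_unprotected "$1"
    if [ "${2-}" = "--fix" ]; then
        list_unprotected "$1" | while IFS= read -r d; do
            harden_dir "$d"
        done
    fi
fi
```

The per-directory .htaccess is the best you can do on shared hosting where you only control the document root, but a file inside a 777 directory is only as safe as the directory: anything running as the web server user can delete or replace it. Where you do control the server configuration, put the same three directives in a `<Directory>` block for the upload path in the virtual host and set AllowOverride None there, so an uploaded file cannot undo the protection.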
