cmjennings21 Posted February 2, 2009 Share Posted February 2, 2009 I've just been doing some work on my site and found a file going by the name of sunshop.pl. it was residing in my images folder and appeared to be an sql injection code. Also in my images folder was a file by each of my db files. I've now removed the said file but wondered if anyone else had, had this happen and what do I need to do. I guess I have been hacked but should I be worried? Link to comment Share on other sites More sharing options...
oschellas Posted February 3, 2009 Share Posted February 3, 2009 In case your server requires open folders (777) for uploading product images, place an .htaccess file in that folder with following content: # secure htaccess file <Files .htaccess> order allow,deny deny from all </Files> # disable directory browsing Options All -Indexes # secure directory by disabling script execution AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi Options -ExecCGI This prevents any kind of script execution. Note: works only on Apache. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.