demastermind, posted August 8, 2011

Hello,

A light bulb just flicked on! What if we used a php script to delete all the php files in the images directory and have deleted files logged to a database table! The php file that does the work could be triggered by a cron job. Could that be a solution to HELP ward off attacks that place php files in the image folder?

- Luc

My Installed Contributions:
1. Ultimate SEO URLs V 2-2.2d-X
2. Quantity Box on Product Info Page
3. httpbl4osc Version 1.1.0
4. QTpro for osc 2.3
5. Header Tags SEO V 3.0 (For 2.3)
6. DHTML State Selection for 2.3.1

And Good To Know: I use a 960gs fluid style sheet. I do have a honey pot on my website. Store Version: 2.3

"Pain is temporary. Quitting lasts forever." - Lance Armstrong

Guest, posted August 8, 2011

Luc,

Clean and secure your website and you won't have to write a script to remove PHP files.

Chris

demastermind (author), posted August 8, 2011

> Luc, Clean and secure your website and you won't have to write a script to remove PHP files.

That definitely is the way to go, but it would still be a good precaution.

germ, posted August 8, 2011

A secure site doesn't get unwanted files in the images folder in the first place.

You're treating the symptom, not curing the disease... >_<

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me -

burt, posted August 8, 2011

Agree fully with the others that is bolting the stable door after the horse has got out. But if you want it;

    // Delete every .php file found directly inside images/
    $php_files = glob('images/*.php') ?: []; // glob() returns false on error
    foreach ($php_files as $php_files_deleted) {
      unlink($php_files_deleted);
    }

May work. Untested.

sucuri, posted August 9, 2011

The main issue is that if an attacker uploads a shell to your images directory, he can use that shell to upload more backdoors in other parts of your site. So removing the .php from the images directory will not protect you against it...

thanks,

satish, posted August 23, 2011

Deleting .php script is ok but if you control that thru .htaccess those php files will be useless as they will not get executed. So use both.

Satish

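The cron sweep Luc proposes, combined with satish's "use both" advice, as an added example that is not code from any poster in this thread: it quarantines and logs PHP-like files instead of deleting them, and reports whether the images directory has an .htaccess at all. The paths, log format, extension list and the use of sha256sum are assumptions; the log goes to a flat file rather than a database table.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumed: the paths, the log format,
# the extension list, and that sha256sum (coreutils/busybox) is available.

# sweep_images IMAGES_DIR QUARANTINE_DIR LOG_FILE
# Moves PHP-like files out of IMAGES_DIR (recursively) into QUARANTINE_DIR,
# which should live outside the web root, and appends one log line per file.
# Prints the number of files moved. Status: 0 if IMAGES_DIR has an .htaccess,
# 1 if it has none, 2 on setup errors.
# The body runs in a subshell, so "exit" only leaves the function.
sweep_images() (
  images=$1 quarantine=$2 log=$3 moved=0
  mkdir -p "$quarantine" && chmod 700 "$quarantine" || exit 2
  list=$(mktemp) || exit 2
  find "$images" -type f \( -iname '*.php' -o -iname '*.php[0-9]' \
       -o -iname '*.phtml' -o -iname '*.php.*' \) > "$list" \
    || { rm -f "$list"; exit 2; }
  while IFS= read -r f; do
    # Hash first so the log still identifies the file after it is moved.
    sum=$(sha256sum < "$f" | cut -d' ' -f1)
    dest="$quarantine/${sum}_$(basename "$f").quarantined"
    mv -- "$f" "$dest" && chmod 400 "$dest" || continue
    printf '%s\t%s\t%s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$f" "$sum" >> "$log"
    moved=$((moved + 1))
  done < "$list"
  rm -f "$list"
  echo "$moved"
  [ -f "$images/.htaccess" ]
)

# Cron entry point: runs only when called with three arguments, for example
# (hypothetical paths):
#   */15 * * * * /usr/local/bin/sweep_images.sh /var/www/shop/images /var/quarantine /var/log/image_sweep.log
if [ "$#" -eq 3 ]; then
  sweep_images "$@"
fi
```

Any line in the log means something was able to write into the images directory, which is the point sucuri makes above: the sweep is a signal to investigate the rest of the site, not a fix.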
Archived
This topic is now archived and is closed to further replies.