Hi, everyone. here is told that how to secure your directory!
Every system needs temporary folders that any user is able to read and write but these directories should not be able to execute programs or scripts. Though this will only protect you from somebody running the script directly it will help with a large portion of the automated rootkits and trojans that script kiddies use. They will still be able to put the files on the system but they will be unable to execute them and create the back door. One of the biggest problems with a machine running apache+php is php injection via apache in which people will have apache download and then run an exploit. Securing the tmp directories is probably the single biggest burner 2.0 irons you can do towards securing your server.
there are any problems?
Edited by shimi - 5/30/12 at 12:37am
Every system needs temporary folders that any user is able to read and write but these directories should not be able to execute programs or scripts. Though this will only protect you from somebody running the script directly it will help with a large portion of the automated rootkits and trojans that script kiddies use. They will still be able to put the files on the system but they will be unable to execute them and create the back door. One of the biggest problems with a machine running apache+php is php injection via apache in which people will have apache download and then run an exploit. Securing the tmp directories is probably the single biggest burner 2.0 irons you can do towards securing your server.
there are any problems?
Edited by shimi - 5/30/12 at 12:37am
