daviswe
http://www.acunetix.com/websitesecurity/upload-forms-threat/
 
In this discussion, the two sections on Double Extensions are worth reading and implementing. Viart gave us some code for .htaccess that essentially removes the handlers for PHP so that Apache won't just blindly execute anything with a '.php' extension tagged onto the end or middle of a file name. That's helped a lot, and is in perfect synch with the info in these articles, but there's more reading there on how it all works and why you need to check that you're not adding another handler in your .htaccess file that could undo the work Viart gave us.
 
Ed
 
buxton161
Umm, I am getting hit every two days. If I am reading correctly, add this to file?
 
deny from all
<Files ~ "^\w+\.(gif|jpe?g|png)$">
  order deny,allow
  allow from all
</Files>
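An added example, not part of either post and not Viart's code: a small Python audit that flags .htaccess directives that attach a PHP handler again after it was removed, and checks upload names against the `<Files ~>` pattern quoted above. The extension list, sample .htaccess text and sample file names are constructed for illustration.

```python
import re

# PHP-related extensions to look for (assumed list for this example).
PHP_EXTS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "pht"}
# Directives that can attach a handler or type to files in a directory.
DIRECTIVE = re.compile(r"^\s*(AddHandler|AddType|SetHandler|ForceType)\s+(\S+)", re.I)
# Filename pattern from the <Files ~ ...> block quoted in this thread.
ALLOWED = re.compile(r"^\w+\.(gif|jpe?g|png)$", re.ASCII)


def risky_directives(htaccess_text):
    """Return (line_no, line) for directives whose handler/type names PHP."""
    hits = []
    for no, line in enumerate(htaccess_text.splitlines(), 1):
        m = DIRECTIVE.match(line)  # commented-out lines start with '#', no match
        if m and "php" in m.group(2).lower():
            hits.append((no, line.strip()))
    return hits


def has_php_ext_anywhere(filename):
    """True if any dot-separated extension, not only the last, is PHP-like."""
    return any(p in PHP_EXTS for p in filename.lower().split(".")[1:])


def served(filename):
    """True if the thread's <Files ~> pattern would allow this name."""
    return ALLOWED.match(filename) is not None


# Constructed sample .htaccess: line 3 re-adds a PHP handler after removing it.
SAMPLE_HTACCESS = """\
RemoveHandler .php .phtml
# AddHandler application/x-httpd-php .php
AddHandler application/x-httpd-php .php5
AddType image/jpeg .jpg
"""
# Constructed sample upload names.
SAMPLE_FILES = ["photo.jpg", "photo.php.jpg", "shell.php", "my-photo.jpg"]

if __name__ == "__main__":
    for no, line in risky_directives(SAMPLE_HTACCESS):
        print(f".htaccess line {no} maps content to PHP: {line}")
    for name in SAMPLE_FILES:
        print(name, "php-ext" if has_php_ext_anywhere(name) else "-",
              "served" if served(name) else "denied")
```

Because `\w` does not match a dot or a hyphen, the pattern denies double-extension names such as `photo.php.jpg`, and also legitimate names such as `my-photo.jpg`.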