[nycphp-talk] I've been hit with an eval(base64_decode("....")) injection attack
Matthew Kaufman
mkfmncom at gmail.com
Tue Mar 27 11:20:54 EDT 2012
Apache's mod_websecurity and Snort will help...
On Tuesday, March 27, 2012, Chris Snyder <chsnyder at gmail.com> wrote:
>>> Oh, and lock down your file permissions. The web server shouldn't be
>>> allowed to write to any files or directories.
>>>
>>
>> Except when it really needs to, like for writing data to a file-based
cache,
>> or accepting file uploads. How do you recommend handling those cases?
>
> On a shared host? Don't use files for those things, use your database
instead.
>
> For cache you can use SQLite if you really feel like staying in the
> filesystem. For uploaded files, store them in a table in MySQL.
>
> As a bonus, this makes backups easier. All you have to do is back up
> the database and you're done.
> _______________________________________________
> New York PHP User Group Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> http://www.nyphp.org/show-participation
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20120327/3bea29f4/attachment.html>
More information about the talk
mailing list