Most web based attacks tend to occur by uploading malicious scripts into world writable directories such as cache, and then letting the web server execute those scripts. In apache, one of preventing such scripts from being executed is to add a “.htaccess” file in that directory and insert the following lines

cd /var/www/html/mydomain/uploads
vim .htaccess

Options -ExecCGI
AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi

Be Sociable, Share!

2 Thoughts on “Prevent script execution in specific web directories

  1. Pingback: Webmaster Crap » Blog Archive » Prevent script execution in specific web directories | Daniel T …

  2. Pingback: E-bike

Leave a Reply

Your email address will not be published. Required fields are marked *

*

Post Navigation