I was given the task to setup, configure, and manage an external facing apache web server.<\/p>\n
So I turned to my trusty Ubuntu Server 9.10 x86 CD, installed it and then ran the updates. Yes, I put LAMP on there.<\/p>\n
After all was said and done, I grabbed my trusty internal-only php uploader script. Unfortunately it’s not fully secure – I actually had someone attack my “honeypot” site successfully by exploiting this script and a lax apache install. What makes this script so bad for use on the outside is it’s need for chmod 777 privileges. Yuck.<\/p>\n
A good way to stop people from finding bad things to run is to hide indexing from the site (directory listing). Another is to stop executables from running in that directory.<\/p>\n
Open up the sites-enabled configuration of apache Under the first virtualhost area, edit for your directory:<\/p>\n <VirtualHost *:80> DocumentRoot \/var\/www ScriptAlias \/cgi-bin\/ \/usr\/lib\/cgi-bin\/ <Directory \/var\/www\/upload_files\/> Then restart apache I was given the task to setup, configure, and manage an external facing apache web server. So I turned to my trusty Ubuntu Server 9.10 x86 CD, installed it and then ran the updates. Yes, I put LAMP on there. After all was said and done, I grabbed my trusty internal-only php uploader script. Unfortunately … Continue reading Secure PHP Upload Directory<\/span>
\nnano \/etc\/apache2\/sites-enabled\/000-default<\/code><\/p>\n
\nServerAdmin webmaster@localhost<\/p>\n
\n<Directory \/>
\nOptions FollowSymLinks
\nAllowOverride None
\n<\/Directory>
\n<Directory \/var\/www\/>
\nOptions FollowSymLinks MultiViews
\nAllowOverride None
\nOrder allow,deny
\nallow from all
\n<\/Directory><\/p>\n
\n<Directory “\/usr\/lib\/cgi-bin”>
\nAllowOverride None
\nOptions +ExecCGI -MultiViews +SymLinksIfOwnerMatch
\nOrder allow,deny
\nAllow from all
\n<\/Directory><\/p>\n
\nAllowOverride None
\nOptions IncludesNOEXEC
\nOptions -Indexes
\nOptions -ExecCGI
\nAddHandler cgi-script .php .php3 .php4 .phtml .pl .py .jsp .asp .htm .shtml .sh .cgi .gif .pdf .jpg .png .tif .tiff .wmv .mpg .mp3 .mp4 .avi .txt .html .exe .xml .*
\n<\/Directory><\/strong><\/p>\n
\n<\/strong><\/p><\/blockquote>\n
\napache2ctl restart<\/code><\/p>\n","protected":false},"excerpt":{"rendered":"