jeebsc3 Posted November 25, 2009 Share Posted November 25, 2009 Hi guys, Recently been hacked the **** out of my server, the group dumped rootkits onto the machine and it's been extremely messy and a big hassle to sort out. Server guys disabled commands like symlink ,shell_exec, exec etc but using one of their scripts on the machine I can see that anyone can read my public_html / site root folder and download any of the php scripts/files there. Is there any way to disable this? Don't want to put the site backup if that's still possible! Any other security tips/hints most welcome - many thanks! Link to comment https://forums.phpfreaks.com/topic/182890-php-security-preventing-script-downloadviewing-directory/ Share on other sites More sharing options...
Yesideez Posted November 25, 2009 Share Posted November 25, 2009 All I can think of is disabling viewing of folder content - use .htacces for this http://www.javascriptkit.com/howto/htaccess11.shtml Might not be exactly what is needed but could help. In any sub folders (like "images/") I add an empty index.php file so if anyone tries to navigate directly to that folder they get nothing in their browser. Link to comment https://forums.phpfreaks.com/topic/182890-php-security-preventing-script-downloadviewing-directory/#findComment-965326 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.