yukisho said:
A friend of mine had a very popular website. Someone uploaded a .gz file that had a trojan and he took over his account and removed everything. Well I am hosting him now but I don't want that to happen again. So I need to find a way to not allow any .gz .gzip files on my account. I am not sure if that is something cpanel can do, or if that is something a .htaccess code could do. Again I am sorry for my rude comments earlier.
From what you say, it sounds like a gzipped file was somehow placed in the server's /tmp directory and then executed from there, probably by means of a known exploit in a web application such as phpBB.
Your concern here is NOT gzipped files - these being legitmately uploaded in any form or fashion will not present you with any problems.
The problem here is server security. In short, potentially vulnerable web applications should always be updated where possible to the latest known version and various pretty standard steps should be taken to prevent anything being executed from /tmp, or /var/tmp, that should not be.
If you don't want a repeat of the previous issue, speak to your host about ensuring that the server on which the account is located is sufficiently hardened against such exploits.