The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Preventing .php.jpg files from being executed

Discussion in 'Security' started by canfone, Apr 3, 2011.

  1. canfone

    canfone Active Member

    Joined:
    Aug 15, 2003
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    151
    Location:
    Montreal
    We are looking into how to prevent php from executing filename.php.jpg files

    per this issue here:

    #11122 (Sanitize filenames with multiple extensions)

    In the :

    /usr/local/apache/conf/php.conf

    Instead of using

    AddType application/x-httpd-php .php4 .php .php3 .php2 .phtml


    Is it prefferiable to do this:?

    <FilesMatch \.php$>
    SetHandler application/x-httpd-php
    </FilesMatch>


    Should this be standardized with cPanel's auto generated php.conf file?
     
    #1 canfone, Apr 3, 2011
  2. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,622
    Likes Received:
    24
    Trophy Points:
    238
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    What set handler are you using on the machine? I tested this on a machine using suPHP and the page called php.php.jpg didn't return the PHP content. As such, have you confirmed this behavior on the newest PHP 5.3 on your machine as happening? You can determine your handler with the following command:

    Code:
    /usr/local/cpanel/bin/rebuild_phpconf --current | grep -i 'php4\|php5'
     
    #2 cPanelTristan, Apr 4, 2011
(You must log in or sign up to post here.)
Loading...
Similar Threads - Preventing files being
  1. Chris H

    Preventing users viewing system information

    Chris H, May 5, 2017, in forum: Security
    Replies:
    2
    Views:
    132
    Chris H
    May 5, 2017
  2. Arkaic

    Preventing xlmrpc.php server-side?

    Arkaic, Aug 29, 2016, in forum: Security
    Replies:
    8
    Views:
    710
    cPanelMichael
    Sep 1, 2016
  3. davez0rz

    Preventing WHM From altering IPTables

    davez0rz, May 27, 2016, in forum: Security
    Replies:
    1
    Views:
    445
    cPanelMichael
    Jun 2, 2016
  4. webmasteryoda

    Preventing changes of mailhelo

    webmasteryoda, Feb 3, 2016, in forum: E-mail Discussions
    Replies:
    3
    Views:
    428
    cPanelMichael
    Feb 4, 2016
  5. Forcerdj

    Preventing server load issues

    Forcerdj, Jan 16, 2016, in forum: Workarounds and Optimization
    Replies:
    4
    Views:
    767
    cPanelMichael
    Jan 18, 2016

Share This Page