Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Preventing .php.jpg files from being executed

Discussion in 'Security' started by canfone, Apr 3, 2011.

  1. canfone

    canfone Active Member

    Joined:
    Aug 15, 2003
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    151
    Location:
    Montreal
    We are looking into how to prevent php from executing filename.php.jpg files

    per this issue here:

    #11122 (Sanitize filenames with multiple extensions)

    In the :

    /usr/local/apache/conf/php.conf

    Instead of using

    AddType application/x-httpd-php .php4 .php .php3 .php2 .phtml


    Is it prefferiable to do this:?

    <FilesMatch \.php$>
    SetHandler application/x-httpd-php
    </FilesMatch>


    Should this be standardized with cPanel's auto generated php.conf file?
     
    #1 canfone, Apr 3, 2011
  2. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,608
    Likes Received:
    32
    Trophy Points:
    238
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    What set handler are you using on the machine? I tested this on a machine using suPHP and the page called php.php.jpg didn't return the PHP content. As such, have you confirmed this behavior on the newest PHP 5.3 on your machine as happening? You can determine your handler with the following command:

    Code:
    /usr/local/cpanel/bin/rebuild_phpconf --current | grep -i 'php4\|php5'
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 cPanelTristan, Apr 4, 2011
(You must log in or sign up to post here.)
Loading...
Similar Threads - Preventing files being
  1. spacereaper82

    Preventing the server from compromise

    spacereaper82, Oct 1, 2018, in forum: Security
    Replies:
    3
    Views:
    175
    keat63
    Oct 9, 2018
  2. PeteS

    Preventing user password change in webmail

    PeteS, Sep 7, 2018, in forum: E-mail Discussion
    Replies:
    1
    Views:
    115
    cPanelMichael
    Sep 11, 2018
  3. bugetarul

    Htaccess preventing file uploads?

    bugetarul, May 19, 2018, in forum: Security
    Replies:
    3
    Views:
    233
    cPanelMichael
    May 21, 2018
  4. toplisek

    Preventing reply for an email account

    toplisek, Jan 13, 2018, in forum: E-mail Discussion
    Replies:
    1
    Views:
    193
    cPanelMichael
    Jan 18, 2018
  5. Chris H

    Preventing users viewing system information

    Chris H, May 5, 2017, in forum: Security
    Replies:
    2
    Views:
    525
    Chris H
    May 5, 2017

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice