Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

Forums
Forums

Quick Links
- Search Forums
- New Posts
Search titles only

Posted by Member:

Separate names with a comma.

Newer Than:

Search this thread only

Search this forum only

Display results as threads

More...

Useful Searches

Recent Posts
Resources
Resources

Quick Links
Feature Requests
Defects
Menu

Preventing .php.jpg files from being executed

Discussion in 'Security' started by canfone, Apr 3, 2011.

canfone Active Member Verifed Vendor

Joined:

Aug 15, 2003

Messages:

26

Likes Received:

0

Trophy Points:

151

Location:

Montreal

We are looking into how to prevent php from executing filename.php.jpg files

per this issue here:

#11122 (Sanitize filenames with multiple extensions)

In the :

/usr/local/apache/conf/php.conf

Instead of using

AddType application/x-httpd-php .php4 .php .php3 .php2 .phtml

Is it prefferiable to do this:?

<FilesMatch \.php$>
SetHandler application/x-httpd-php
</FilesMatch>

Should this be standardized with cPanel's auto generated php.conf file?

#1 canfone, Apr 3, 2011
cPanelTristan Quality Assurance Analyst Staff Member

Joined:

Oct 2, 2010

Messages:

7,606

Likes Received:

33

Trophy Points:

238

Location:

somewhere over the rainbow

cPanel Access Level:

Root Administrator
What set handler are you using on the machine? I tested this on a machine using suPHP and the page called php.php.jpg didn't return the PHP content. As such, have you confirmed this behavior on the newest PHP 5.3 on your machine as happening? You can determine your handler with the following command:

Code:

/usr/local/cpanel/bin/rebuild_phpconf --current | grep -i 'php4\|php5'
cPResources: Support Options | More Support Options | Forums Search | cPanel.net Site Search | Mailing Lists(Alt) | Docs
-- Tristan, Technical Analyst III, Forums Specialist, cPanel Tech Support

Submit a ticket | Check an existing ticket

Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...

#2 cPanelTristan, Apr 4, 2011

(You must log in or sign up to post here.)

Loading...

Similar Threads - Preventing files being

Preventing the server from compromise

spacereaper82, Oct 1, 2018, in forum: Security

Replies:

3

Views:

334

keat63

Oct 9, 2018
Preventing user password change in webmail

PeteS, Sep 7, 2018, in forum: E-mail Discussion

Replies:

2

Views:

410

PeteS

Dec 11, 2018
Htaccess preventing file uploads?

bugetarul, May 19, 2018, in forum: Security

Replies:

3

Views:

576

cPanelMichael

May 21, 2018
Preventing reply for an email account

toplisek, Jan 13, 2018, in forum: E-mail Discussion

Replies:

1

Views:

302

cPanelMichael

Jan 18, 2018
SOLVED Set number of files opened simultaneously

Rogerio, May 22, 2019 at 10:30 AM, in forum: General Discussion

Replies:

2

Views:

89

Rogerio

May 23, 2019 at 8:54 AM

Share This Page

This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.

Accept Learn More...

Dismiss Notice