Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Preventing .php.jpg files from being executed

Discussion in 'Security' started by canfone, Apr 3, 2011.

  1. canfone

    canfone Active Member

    Joined:
    Aug 15, 2003
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    151
    Location:
    Montreal
    We are looking into how to prevent php from executing filename.php.jpg files

    per this issue here:

    #11122 (Sanitize filenames with multiple extensions)

    In the :

    /usr/local/apache/conf/php.conf

    Instead of using

    AddType application/x-httpd-php .php4 .php .php3 .php2 .phtml


    Is it prefferiable to do this:?

    <FilesMatch \.php$>
    SetHandler application/x-httpd-php
    </FilesMatch>


    Should this be standardized with cPanel's auto generated php.conf file?
     
    #1 canfone, Apr 3, 2011
  2. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,609
    Likes Received:
    32
    Trophy Points:
    238
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    What set handler are you using on the machine? I tested this on a machine using suPHP and the page called php.php.jpg didn't return the PHP content. As such, have you confirmed this behavior on the newest PHP 5.3 on your machine as happening? You can determine your handler with the following command:

    Code:
    /usr/local/cpanel/bin/rebuild_phpconf --current | grep -i 'php4\|php5'
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 cPanelTristan, Apr 4, 2011
(You must log in or sign up to post here.)
Loading...
Similar Threads - Preventing files being
  1. bugetarul

    Htaccess preventing file uploads?

    bugetarul, May 19, 2018, in forum: Security
    Replies:
    3
    Views:
    97
    cPanelMichael
    May 21, 2018
  2. toplisek

    Preventing reply for an email account

    toplisek, Jan 13, 2018, in forum: E-mail Discussion
    Replies:
    1
    Views:
    144
    cPanelMichael
    Jan 18, 2018
  3. Chris H

    Preventing users viewing system information

    Chris H, May 5, 2017, in forum: Security
    Replies:
    2
    Views:
    443
    Chris H
    May 5, 2017
  4. Arkaic

    Preventing xlmrpc.php server-side?

    Arkaic, Aug 29, 2016, in forum: Security
    Replies:
    8
    Views:
    1,677
    cPanelMichael
    Sep 1, 2016
  5. Robert Wiseman

    chown .htaccess files in public_html?

    Robert Wiseman, Jun 10, 2018, in forum: General Discussion
    Replies:
    2
    Views:
    63
    cPanelLauren
    Jun 11, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice