Re: Upload folder permissions
From: Kristofer Gafvert (kgafvert_at_NEWSilopia.com)
Date: 01/13/05
- Next message: Eric Hunter: "Not another "ASP pages not responding" post"
- Previous message: Peter Parker: "Re: IIS 4.0 - 2 domains, 1 IP, Host Headers"
- In reply to: Ray: "Upload folder permissions"
- Next in thread: Alok Kumar: "RE: Upload folder permissions"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 13 Jan 2005 11:12:45 -0800
Hello,
Make sure that "Execute Permissions" are set to None. Then scripts and
executables will not run.
-- Regards, Kristofer Gafvert www.gafvert.info - My articles and help www.ilopia.com Ray wrote: > Hi > > I am running a website with a classifieds section on it that allows users to > post ads and upload an image for the ad. > > The problem is that the site was hacked this weekend by Team_Evil through > this image folder whereby they managed to upload code to it and execute it > resulting in my whole site being defaced. > > My script does a check on the file extension to verify that it is of an > image type before the form posts and allows the upload. > > Is there anyway to setup permissions on the image folder whereby people can > still upload images and that the images be deleted when the ad is deleted > but no asp scripts can be executed from this folder incase they get by the > extension checking again? All the scripts make use of FSO to upload and > delete the images.. > > Any guidelines and assistance will be appreciated. > > Thanks > Ray
- Next message: Eric Hunter: "Not another "ASP pages not responding" post"
- Previous message: Peter Parker: "Re: IIS 4.0 - 2 domains, 1 IP, Host Headers"
- In reply to: Ray: "Upload folder permissions"
- Next in thread: Alok Kumar: "RE: Upload folder permissions"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
