Securing publicly available folders
About the Author
Mike Rogers is a Web Developer who is currently at university studying Web Technologies. He is also the founder of Full On Design. He has several years' experience freelancing, and you can follow him on Twitter (Rogem002).
Anyone who has ever developed a website which allows users to upload files will tell you “It’s best to think everyone is out to destroy your server”, which unfortunately is the best mindset to be in when setting up any website. One of the main methods used by hackers to breach security on your website is to upload a file which allows them to execute code.
Here is a very quick and easy solution to stop potential hackers executing files in certain folders.
Open the .htaccess file in the folder you wish to protect and add the following code:
Options -Indexes
Options -ExecCGI
AddHandler cgi-script .php .php3 .php4 .phtml .pl .py .jsp .asp .htm .shtml .sh .cgi
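This will essentially stop the folder from returning an index of what is inside it and stop files with the listed extensions from running: those extensions are handed to the CGI handler, and because ExecCGI is switched off for the folder, Apache refuses to execute them.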
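As an added example (not part of the original article), the Python script below parses the three directives above and reports which file names in a protected folder the rule does not cover. It assumes Apache's documented mod_mime behaviour, where every dot-separated extension of a file name is considered and matching is case-insensitive; the function names and sample file names are constructed for illustration.

```python
# Added example: audit an upload folder's .htaccess against the rule in this article.
HTACCESS = """\
Options -Indexes
Options -ExecCGI
AddHandler cgi-script .php .php3 .php4 .phtml .pl .py .jsp .asp .htm .shtml .sh .cgi
"""

# Constructed sample file names, not taken from any real server.
SAMPLE_UPLOADS = ["avatar.png", "report.PHP", "notes.php.txt", "tool.php5", "run.sh"]


def parse_htaccess(text):
    """Return (options, cgi_exts): option name -> enabled flag, and the
    lower-cased extensions mapped to the cgi-script handler."""
    options, cgi_exts = {}, set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        directive, *args = line.split()
        if directive.lower() == "options":
            for arg in args:
                # "-Name" disables an option; "+Name" or a bare "Name" enables it.
                options[arg.lstrip("+-").lower()] = not arg.startswith("-")
        elif directive.lower() == "addhandler" and args and args[0].lower() == "cgi-script":
            cgi_exts.update(a.lstrip(".").lower() for a in args[1:])
    return options, cgi_exts


def refused(filename, options, cgi_exts):
    """True when the rule makes Apache refuse the file: one of its extensions
    is mapped to cgi-script while ExecCGI is switched off."""
    exts = {e.lower() for e in filename.split(".")[1:]}
    return options.get("execcgi") is False and bool(exts & cgi_exts)


def audit(text, filenames):
    """Summarise the rule and list the file names it leaves untouched."""
    options, cgi_exts = parse_htaccess(text)
    return {
        "indexes_off": options.get("indexes") is False,
        "execcgi_off": options.get("execcgi") is False,
        "not_covered": [f for f in filenames if not refused(f, options, cgi_exts)],
    }


if __name__ == "__main__":
    print(audit(HTACCESS, SAMPLE_UPLOADS))
```

A name in "not_covered" is only outside this rule; whether the server would run such a file depends on the handlers configured elsewhere, so review those entries against the rest of the server configuration.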
Useful Links
PHP File Upload Security
Apache Tutorial: .htaccess files
Apache, MySQL, and PHP Web Development All-in-one Desk Reference for Dummies