Hi,
Just to let you know that someone found a way for uploading files on a subdir of vshare2.7, precisely on admin/logs/files. I think is a security bug of Vshare, there were about 3 giga of big dimensions copyrighted files there in zip or rar format. This caused a lot of bandwidth consumption. I checked htaccess of that dir, here it is:
Code:
order deny,allow
<files ~ "\.(php|php.*|sphp|php3|php4|php5|phtml|cgi|pl|shtml|dhtml|html|htm)$">
deny from all
</files>
<files ~ "\.upload.html$">
allow from all
</files>
<files ~ "^\.">
deny from all
</files>
Any thoughts about this?
For the moment I modify htaccess adding this
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain.com/.*$ [NC]
RewriteRule \.(gif|jpg|js|css)$ - [F]
I've also password protected that dir, it seems to work. ;-)
Bookmarks