Thread: Security Bug

  1. #1
    Join Date
    Jan 2008
    Posts
    216

    Security Bug

    Hi,

    Just to let you know that someone found a way to upload files to a subdir of vshare2.7, specifically admin/logs/files. I think it is a security bug in Vshare; there were about 3 giga of large copyrighted files there in zip or rar format. This caused a lot of bandwidth consumption. I checked the htaccess of that dir, here it is:

    Code:
    order deny,allow
    
    <files ~ "\.(php|php.*|sphp|php3|php4|php5|phtml|cgi|pl|shtml|dhtml|html|htm)$">
    deny from all
    </files>
    
    <files ~ "\.upload.html$">
    allow from all
    </files>
    
    <files ~ "^\.">
    deny from all
    </files>

    Any thoughts about this?

    For the moment I have modified the htaccess, adding this:

    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain.com/.*$ [NC]
    RewriteRule \.(gif|jpg|js|css)$ - [F]

    I've also password protected that dir, it seems to work. ;-)
    Last edited by ramius; 11-25-2009 at 06:20 PM.
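
An added example (not part of the original post and not vShare's code): a small Python model of the rules quoted in the post, showing which file names they refuse and which they still serve. It assumes the last matching `<files>` section decides and that a name matching no section is served; the sample file names and the foreign Referer are constructed.

```python
import re

# <files ~ "regex"> sections from the posted .htaccess, in file order.
FILES_SECTIONS = [
    (r"\.(php|php.*|sphp|php3|php4|php5|phtml|cgi|pl|shtml|dhtml|html|htm)$", "deny"),
    (r"\.upload.html$", "allow"),
    (r"^\.", "deny"),
]
# Referer conditions and rule pattern from the rewrite block added in the post.
OWN_SITE = re.compile(r"^http://(www\.)?mydomain.com/.*$", re.IGNORECASE)
HOTLINK_EXT = re.compile(r"\.(gif|jpg|js|css)$")


def files_verdict(name):
    """Assumed model: last matching <files> section decides; no match = served."""
    verdict = "allow"
    for pattern, action in FILES_SECTIONS:
        if re.search(pattern, name):
            verdict = action
    return verdict


def hotlink_forbidden(name, referer):
    """True when the RewriteRule would answer 403 for this request."""
    if referer == "" or OWN_SITE.search(referer):
        return False  # empty or same-site Referer: the conditions do not fire
    return bool(HOTLINK_EXT.search(name))


def served(name, referer=""):
    return files_verdict(name) == "allow" and not hotlink_forbidden(name, referer)


def audit(names, referer):
    """Return the names that are still downloadable with the given Referer."""
    return [n for n in names if served(n, referer)]


# Constructed sample directory listing (not taken from the post).
SAMPLE = ["shell.php", "notes.txt", "archive.zip", "movie.part1.rar",
          "logo.jpg", ".htaccess", "form.upload.html"]

if __name__ == "__main__":
    for ref in ("", "http://other.example/page"):
        print(repr(ref), audit(SAMPLE, ref))
```

Under this model the script name and the dotfile are refused, and the image is refused only for a foreign Referer; the zip and rar names are served in both cases because neither rule set names those extensions.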
