disable file uploads

Steve Holdoway steve at greengecko.co.nz
Tue Mar 24 20:04:18 UTC 2015


On Tue, 2015-03-24 at 16:15 +1300, Steve Holdoway wrote:
> On Mon, 2015-03-23 at 19:57 -0700, Robert Paprocki wrote:
> > Sounds like you either have a vulnerable web application or hole in your system's security. If the root of your problem is that you're having content uploaded to your server without your consent, you're asking the wrong question.
> > 
> > If your app does allow for arbitrary file upload, you can disallow certain file extensions, but that should be handled in whatever WordPress plugin you're using.
> > 
> Well, I'm going for the multiple levels of protection approach, but am
> trying to mate that with a 'simple to maintain' methodology.
> 
> So, yes I'd like to do both, but without being heavy-handed on the
> website owners.
> 
> 
> Steve
Just had another attack on a Drupal site. Should I resort to weird
ownership / permissions at a system level? That just makes it really
difficult for the client to keep their site current, which is pretty
counter-productive. I did work out a couple of scripts for Magento to
chown nobody / chattr +i to lock a site down when in 'production mode'
and vv, but it is still an imposition.

Steve
-- 
Steve Holdoway BSc(Hons) MIITP
http://www.greengecko.co.nz
Linkedin: http://www.linkedin.com/in/steveholdoway
Skype: sholdowa
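
Added example, not the scripts mentioned in the message above: a shell toggle between the 'production mode' lock (chown nobody, chattr +i) and a writable maintenance mode, showing the order the two commands have to run in each direction. The siteadmin and www-data accounts, the optional writable subdirectory and the DRY_RUN switch are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the scripts from the post. DRY_RUN=1 (the default) only
# prints the commands; a real run needs root and a filesystem with chattr support.
DRY_RUN="${DRY_RUN:-1}"
LOCK_OWNER="${LOCK_OWNER:-nobody}"      # owner named in the post
SITE_OWNER="${SITE_OWNER:-siteadmin}"   # hypothetical maintenance account
WEB_USER="${WEB_USER:-www-data}"        # assumed PHP/web server account

run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Refuse paths that would lock down far more than one site.
check_docroot() {
    case "$1" in
        ""|/|/etc*|/usr*|/var|/home) echo "refusing docroot: '$1'" >&2; return 1 ;;
        /*) return 0 ;;
        *) echo "docroot must be absolute: '$1'" >&2; return 1 ;;
    esac
}

# lock_site DOCROOT [WRITABLE_SUBDIR]: production mode.
# chown must come before chattr +i, because an immutable file cannot be chowned.
lock_site() {
    check_docroot "$1" || return 1
    run chown -R "$LOCK_OWNER" "$1" || return 1
    run chattr -R +i "$1" || return 1
    if [ -n "${2:-}" ]; then
        # Leave one data directory (e.g. media uploads) writable by the web user.
        run chattr -R -i "$1/$2" || return 1
        run chown -R "$WEB_USER" "$1/$2" || return 1
    fi
}

# unlock_site DOCROOT: maintenance mode, so the owner can apply updates.
# The immutable flag has to be cleared first, for the same reason.
unlock_site() {
    check_docroot "$1" || return 1
    run chattr -R -i "$1" || return 1
    run chown -R "$SITE_OWNER" "$1"
}
```

The writable subdirectory remains the one place new files can land, so it is the part that still needs the application-level checks mentioned earlier in the thread.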


