Home » Articles and guides » Security How-To's and Guides

file Checking

Posted February 21st, 2006 by Ahmed

dear sirs,

is there any way , idea , function ... to put it into a .htaccess file .. to check a file content when somone request that file from the web ????

If somone hacked a web site and uploade a PHP shell ... of course he will request it via

the web like http://site.com/phpshell.php

here i want someting to check that phpshell contente ... if it find a shell script ..

it's prevent it displaying via the web .. if itsn't a shell script .. it's allow for its request and display the file content ..

waiting foe early replay ..

and I'm so sorry for my bad English

thanks & best regards ..

-Ahmed,

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

php shell

On February 21st, 2006 eth00 says:

You could easily limit what is called via mod_security, just block those specific words.

As far as checking if it is a shell script, no way....there is no way to differentiate a legit and bad script. The best you can do is limit the php functions, which may in turn may restirct some websites.

Important

On February 22nd, 2006 Ahmed says:

Dear , eth00

Thank you Very much sir, But if possible can i have an example .. for what can i write to block some words.

Thanks,
-Ahmed

mod-sec

On February 24th, 2006 eth00 says:

SecFilterSelective THE_REQUEST "wget "

Just replace wget...

Powered by Drupal - Theme created by Danger4k