Comments on: Protect Against Shell Script Hacks http://life-of-brian.com/2008/01/protect-against-shell-script-hacks/ My name is Brian. Welcome to my life. Wed, 01 Feb 2012 02:12:29 +0000 hourly 1 http://wordpress.org/?v=3.3 By: Brian http://life-of-brian.com/2008/01/protect-against-shell-script-hacks/comment-page-1/#comment-602 Brian Wed, 21 Jan 2009 01:28:52 +0000 http://life-of-brian.com/?p=557#comment-602 @Amr, Unless your server has some strange settings, that shouldn't pose a problem. The server won't execute a file with a .gif extension, even if it has .php in there somewhere. It'll attempt to load it like a picture. Since the file format won't be valid, it won't actually display anything (except maybe a broken image icon). If you wanted to stop an upload script from the allowing the file (since it would be dangerous if the infiltrator could rename the script somehow once it had been uploaded), you'd need to edit the upload script's validation code. It probably checks for the last three characters in the filename and assumes that is the file extension. Instead, you could change this to a regex check for anything that includes ".php." You could also explode the filename on "." and check each part to see if it is equal to "php." In the example you provided, the explosion would result in "xxxxx," "php," and "gif." It'd be easy for your script to tell that there's a .php extension in there somewhere. @Amr,

Unless your server has some strange settings, that shouldn’t pose a problem. The server won’t execute a file with a .gif extension, even if it has .php in there somewhere. It’ll attempt to load it like a picture. Since the file format won’t be valid, it won’t actually display anything (except maybe a broken image icon).

If you wanted to stop an upload script from the allowing the file (since it would be dangerous if the infiltrator could rename the script somehow once it had been uploaded), you’d need to edit the upload script’s validation code. It probably checks for the last three characters in the filename and assumes that is the file extension.

Instead, you could change this to a regex check for anything that includes “.php.” You could also explode the filename on “.” and check each part to see if it is equal to “php.” In the example you provided, the explosion would result in “xxxxx,” “php,” and “gif.” It’d be easy for your script to tell that there’s a .php extension in there somewhere.

]]> By: Amr Abdallah M. http://life-of-brian.com/2008/01/protect-against-shell-script-hacks/comment-page-1/#comment-594 Amr Abdallah M. Tue, 20 Jan 2009 09:35:39 +0000 http://life-of-brian.com/?p=557#comment-594 Dear Brian i really found what you wrote the closest to what i am looking for but here is the issue, i found some shell scripts that masked as gif and jpeg files and they are in fact a php shell script, here an example for the format i cought xxxxx.php.gif something in that format the site will see as a picture file but its in fact a script what can i do about it Dear Brian i really found what you wrote the closest to what i am looking for but here is the issue, i found some shell scripts that masked as gif and jpeg files and they are in fact a php shell script, here an example for the format i cought
xxxxx.php.gif something in that format the site will see as a picture file but its in fact a script what can i do about it

]]> By: cocaman http://life-of-brian.com/2008/01/protect-against-shell-script-hacks/comment-page-1/#comment-122 cocaman Sun, 30 Nov 2008 04:21:40 +0000 http://life-of-brian.com/?p=557#comment-122 yep, you are right. the tool/script is very powerful and worked on many servers. i thought about the disallowing of uploading php-files, but i have decided to just not allow to php files to be executed in the upload directory and any other directories php files should not run. hope this helps yep, you are right. the tool/script is very powerful and worked on many servers.

i thought about the disallowing of uploading php-files, but i have decided to just not allow to php files to be executed in the upload directory and any other directories php files should not run. hope this helps

]]>