[nycphp-talk] I've been hit with an eval(base64_decode("....")) injection attack
Chris Snyder
chsnyder at gmail.com
Tue Mar 27 10:56:15 EDT 2012
>> Oh, and lock down your file permissions. The web server shouldn't be
>> allowed to write to any files or directories.
>>
>
> Except when it really needs to, like for writing data to a file-based cache,
> or accepting file uploads. How do you recommend handling those cases?

On a shared host? Don't use files for those things, use your database instead.

For cache you can use SQLite if you really feel like staying in the
filesystem. For uploaded files, store them in a table in MySQL.

As a bonus, this makes backups easier. All you have to do is back up
the database and you're done.
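
One way to follow the advice above, as an added example that is not part of the original post: a PHP upload handler that validates a file and stores it as a database row through PDO, so nothing is written under the web root. The `uploads` table, `store_upload()` and the size and type limits are hypothetical, and in-memory SQLite stands in for MySQL so the demo runs offline.

```php
<?php
declare(strict_types=1);
// Added example; table, column and function names are hypothetical.
const MAX_UPLOAD_BYTES = 2 * 1024 * 1024;
const ALLOWED_TYPES = ['image/png', 'image/jpeg', 'application/pdf'];

// Validate a temporary upload and store it as a BLOB row; returns the row id.
// In a real handler, first confirm is_uploaded_file($_FILES['f']['tmp_name']).
function store_upload(PDO $db, string $tmpPath, string $clientName): int
{
    $size = filesize($tmpPath);
    if ($size === false || $size === 0 || $size > MAX_UPLOAD_BYTES) {
        throw new RuntimeException('upload rejected: bad size');
    }
    // Detect the type from the bytes, never from the client-supplied name.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if (!in_array($mime, ALLOWED_TYPES, true)) {
        throw new RuntimeException("upload rejected: type $mime not allowed");
    }
    $stmt = $db->prepare('INSERT INTO uploads (name, mime, sha256, data) VALUES (?, ?, ?, ?)');
    $stmt->bindValue(1, basename($clientName));
    $stmt->bindValue(2, $mime);
    $stmt->bindValue(3, hash_file('sha256', $tmpPath));
    $stmt->bindValue(4, file_get_contents($tmpPath), PDO::PARAM_LOB);
    $stmt->execute();
    return (int) $db->lastInsertId();
}

// Demo with constructed inputs. SQLite in memory stands in for MySQL here;
// on MySQL use INT AUTO_INCREMENT PRIMARY KEY and LONGBLOB for the data column.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE uploads (id INTEGER PRIMARY KEY, name TEXT,
    mime TEXT, sha256 TEXT, data BLOB)');
$samples = [
    'logo.png'  => "\x89PNG\r\n\x1a\n" . str_repeat("\0", 16), // constructed PNG header
    'shell.php' => "<?php echo 'hi';",                          // constructed script
];
foreach ($samples as $name => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($tmp, $bytes);
    try {
        echo "$name stored as row ", store_upload($db, $tmp, $name), "\n";
    } catch (RuntimeException $e) {
        echo "$name: ", $e->getMessage(), "\n";
    } finally {
        unlink($tmp);
    }
}
```

Files held this way are served back by a script that reads the row and sends the stored `mime` as the Content-Type, so uploaded bytes are never reachable as an executable path on the server.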