Sunday, April 20, 2014

HellBound Hackers | Computer General | Increasing Security

Author

Hacking my web IMing program


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 20-11-06 23:42
Ok, I just have a question for the more advanced hackers around here. I am creating a web instant messaging program and I plan to allow for people to upload any type of file so they can share them. I am aware that people can upload harmful php files that can damage my server, but that is why I plan on using a .htaccess file to force-download any file in the uploads folder. This way, if people upload a harmful php file, then go to it, they can't harm the server because they have to download it and are not able to run it on the server. However, I don't know if this can be fooled. So, can it or can it not?


Author

RE: Hacking my web IMing program

Mr_Cheese




Posts: 2468
Location: Brighton, UK
Joined: 30.11.04
Rank:
Uber Elite
Posted on 20-11-06 23:52
Excellent plan. It's the same method other big file upload websites use.

Also, hiding the actual directory it's uploaded in is good.

Like, store the files in /uploads/as8d9y283gajhgsdads/files/

and link the person to /uploads/, then with the .htaccess you can get it to instantly download from /as8d9y283gajhgsdads/files/ instead. That's also how file upload websites work.

In answer to your question, the htaccess thing is pretty secure, unless they find other methods on your site to run it from, such as a local file include exploit or something.

Hope that helps.


http://www.hellboundhackers.org/
Author

RE: Hacking my web IMing program


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 20-11-06 23:56
Thanks for the great reply Mr_Cheese :)

So I think I'll use this method then :)
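
The force-download .htaccess discussed in this thread, as an added example that is not part of any post: a header-only version beside a hardened one that also stops Apache from executing anything in the folder. It assumes Apache 2.4 with mod_mime and mod_headers, and an uploads folder named `uploads/`; the thread does not show the original poster's actual file.

```apache
# uploads/.htaccess  (added example; the folder name is an assumption)
# Needs "AllowOverride FileInfo Options" for this folder. The same
# directives also work inside a <Directory> block in the server config,
# combined with "AllowOverride None" so no file in the folder can change them.

# --- Weak: only tells the browser to save the response ---------------
# A .php upload is still handed to the PHP handler first, so the script
# runs on the server and the visitor merely downloads its output.
#<IfModule mod_headers.c>
#    Header set Content-Disposition "attachment"
#</IfModule>

# --- Hardened: nothing here is executed, everything is a download ----
# Serve every file with Apache's plain static-file handler.
SetHandler default-handler

# Drop extension mappings inherited from the server config.
RemoveHandler .php .phtml .phar .cgi .pl .py
RemoveType .php .phtml .phar

# No CGI, no server-side includes, no directory listing.
Options -ExecCGI -Includes -Indexes

# Switch the PHP engine off where mod_php is loaded (PHP 5, 7 and 8).
<IfModule mod_php5.c>
    php_flag engine off
</IfModule>
<IfModule mod_php7.c>
    php_flag engine off
</IfModule>
<IfModule mod_php.c>
    php_flag engine off
</IfModule>

# Label everything as opaque bytes and ask the browser to save it.
ForceType application/octet-stream
<IfModule mod_headers.c>
    Header set Content-Disposition "attachment"
    Header set X-Content-Type-Options "nosniff"
</IfModule>
```

After deploying, request a harmless test `.php` file from the folder and confirm the raw source is downloaded rather than its output. If PHP is attached through a server-level `<FilesMatch>` handler (a common PHP-FPM setup), that rule can take precedence over the `.htaccess`, so exclude the uploads folder there as well.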