
Hacking my web IMing program


Guest
Posted on 20-11-06 23:42
Ok, I just have a question for the more advanced hackers around here. I am creating a web instant messaging program and I plan to allow for people to upload any type of file so they can share them. I am aware that people can upload harmful php files that can damage my server, but that is why I plan on using a .htaccess file to force-download any file in the uploads folder. This way, if people upload a harmful php file, then go to it, they can't harm the server because they have to download it and are not able to run it on the server. However, I don't know if this can be fooled. So, can it or can it not?



RE: Hacking my web IMing program

Mr_Cheese
Member



Posts: 2468
Location: Brighton, UK
Joined: 30.11.04
Rank:
Uber Elite
Posted on 20-11-06 23:52
Excellent plan. It's the same method other big file upload websites use.

Also, hiding the actual directory it's uploaded in is good.

Like, store the files in /uploads/as8d9y283gajhgsdads/files/

and link the person to /uploads/, then with the .htaccess you can get it to instantly download from /as8d9y283gajhgsdads/files/ instead. That's also how file upload websites work.

In answer to your question, the htaccess thing is pretty secure, unless they find other methods on your site to run it from, such as a local file include exploit or something.

Hope that helps.



RE: Hacking my web IMing program


Guest
Posted on 20-11-06 23:56
Thanks for the great reply Mr_Cheese :)

So I think I'll use this method then :)
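
An added example, not part of the thread or either poster's own configuration: one way the uploads-folder .htaccess discussed above could force downloads and also switch off script handling, so that the download headers are not the only thing standing between an uploaded .php file and the interpreter. It assumes Apache with mod_headers loaded and an AllowOverride that permits FileInfo and Options; the extension list is an assumption.

```apache
# uploads/.htaccess (added example; the extension list below is an assumption)
#
# Scope: this governs direct HTTP requests into this directory only. It has
# no effect if the application itself include()s an uploaded file, which is
# the local file include case raised in the reply above.

# No CGI execution, no directory listings.
Options -ExecCGI -Indexes

# Drop extension-based script mappings inherited from the parent config.
RemoveHandler .php .phtml .php3 .php4 .php5 .phar .cgi .pl .py
RemoveType    .php .phtml .php3 .php4 .php5 .phar

# If PHP runs as an Apache module, turn the engine off for this directory.
# (Under PHP-FPM/CGI these blocks are skipped; the FilesMatch below applies.)
<IfModule mod_php5.c>
    php_flag engine off
</IfModule>
<IfModule mod_php7.c>
    php_flag engine off
</IfModule>
<IfModule mod_php.c>
    php_flag engine off
</IfModule>

# Every file, whatever its name: static handler, opaque type, download only.
<FilesMatch ".+">
    SetHandler default-handler
    ForceType application/octet-stream
    # mod_headers is deliberately not wrapped in IfModule: if it is missing,
    # requests fail with an error instead of being served inline.
    Header set Content-Disposition "attachment"
    Header set X-Content-Type-Options "nosniff"
</FilesMatch>
```

To check it, put a test file containing only `<?php echo 'executed';` in the folder and request it: the response should be the literal source text with `Content-Disposition: attachment`, not the word `executed`.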