Types of files being uplodaded

Any feature requests go in here...

Types of files being uplodaded

Postby aaa007 » Fri Mar 11, 2011 11:43 am

I have used the previous version of daddy script and I stoped using this great script because my website got hacked a few times.

The reason was:

The script allowed users to upload .php files .exe files or any other extension.

Somehow they were able to run this files into my site and collect data such as passwords and usersnames.

In my opinion this was a major bug which lead my websites being hacked for 3-4 times.

If there is an feature or bug fix which it will allow users to upload any file but not let them "run" into the server this will be great.

Thanks

p.s. if this bug has been fixed sorry for opening the same topic again.
aaa007
Standard Member
 
Posts: 9
Joined: Fri Mar 11, 2011 11:19 am

Re: Types of files being uplodaded

Postby PeterS » Fri Mar 11, 2011 5:42 pm

I think you are most likely referring to exploits and I don't think any exist in Daddy's File Host as far as I am aware. If such an attempt were to happen, you have to report it to the community as soon as possible.
PeterS
Global Moderator
 
Posts: 159
Joined: Mon Feb 21, 2011 4:58 am

Re: Types of files being uplodaded

Postby aaa007 » Tue Mar 15, 2011 9:33 am

I will install again the script and i hope i will not get this attacks again.

I can cleary remember that those files were uploaded via the image upload page and then they were able to run them.

Thanks
aaa007
Standard Member
 
Posts: 9
Joined: Fri Mar 11, 2011 11:19 am

Re: Types of files being uplodaded

Postby PeterS » Tue Mar 15, 2011 8:49 pm

aaa007 wrote:I will install again the script and i hope i will not get this attacks again.

I can cleary remember that those files were uploaded via the image upload page and then they were able to run them.

Thanks


Sounds odd, are you sure the hacker got access by using DFH? Maybe the hacker got access to your site by another script on your website. To be certain of this, I'd recommend you look at the system's log and by chasing which files got changed (tracking back the original hacked file).
PeterS
Global Moderator
 
Posts: 159
Joined: Mon Feb 21, 2011 4:58 am


Return to Feature Request

Who is online

Users browsing this forum: No registered users and 13 guests

cron