Forum
New Topic |
---|
Message | Newest post at the top. |
---|
security tipsIn a shared server environemt or as a result of an intrusion one cannot prevent that someone droppes a file into your album directory.A little help is to prevent access to those files. You can do this if you can use .htaccess files and mod_rewrite is installed. Add this to your .htaccess file: This will cause an access to fail for other then those listed extensions. You can enhance this with reporting: This will give some false alerts as Nimbda is still around and will trigger this. You can prevent this at perfomance cost:
Yo shit, I know how to get around this, but some will step into this. Oki why not moving albums out of the document root? I did this long ago, but didn't realize how easy it is to use with Gallery. Save this code into a file e.g. galimg.php: <? Now change in your gallery config.php file: Replace USER and that domain accordingly and make sure albums is not in your document root. I prefere another method: config.php:
.htaccess: RewriteEngine onThis disguises the script file and allows easier switching (some banners for hot linkers 😁 ) So now don't forget to move your albums directory into the proper location Some words to the script. It makes some security checks and allows only those 4 image file types to be send If something else is requested, the banner is sent. Have fun with this Rowald This works perfectly for www.modelgraphy.com | |
Author: | 2005-06-05 |
New Topic |
---|