Your phpBB Version: 2.0.
phpBB Type: Integramod 140
MODs: Yes
Your knowledge: Basic Knowledge
Board URL: http://www.MyMPxPlayer.org
PHP Version:
MySQL Version:
What was done before the problem appeared?
What was done to try to solve the problem?
Deleted the php files
De.scription and Message
Hi all,
In the past two months, I've had two attempts by hackers to hack my site by uploading .php files to the [Downloads] area (pafiledb folder on the web server).
The files are: ch99.php, m6.php, sniper.php and special.php.
I have a copy of them on my computer if anyone wants to take a look at it and use it to find a fix or a way to stop it from working, let me know and I can send it. Otherwise can I upload them in a zip format here to share with everyone else?
Basically, I LOVE IntegraMOD and thank you all for making this available. I thought well, if I'm getting hacking attempts, I might as well tell everyone who uses IntegraMOD about it so they don't have it happening to them.
What would happen is, we have a [Downloads] area where members can upload files, themes etc to our site. They tried to upload the .php files in the "file" location as well as in the "screenshot" location. Luckily I have enabled "admin approval" on all uploads, so was able to check it out before it was executed.
One very important question is, how do I RESTRICT the uploading of file types to a particular folder or through IntegraMOD? I've tried disabling .php files through the ACP but obviously that hasn't worked. Is there a .htaccess file and command we can add to a folder that can restrict the ability to upload a particular file type?
Thanks,
Binh