Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Archived

This topic is now archived and is closed to further replies.

demastermind

Script to delete all php files in image directory

Recommended Posts

Hello,

I light bulb justed flicked on! What if we used a php script to delete all the php files in the images directory and have deleted files logged to a database table! The php file that does the work could be triggered by a cron job. Could that be a solution to HELP ward off attacks that place php files in the image folder?

 

- Luc


My Installed Contributions:

1. Ultimate SEO URLs V 2-2.2d-X

2. Quantity Box on Product Info Page

3. httpbl4osc Version 1.1.0

4. QTpro for osc 2.3

5. Header Tags SEO V 3.0 (For 2.3)

6. DHTML State Selection for 2.3.1

And Good To Know:

I use a 960gs fluid style sheet.

I do have a honey pot on my website.

Store Version: 2.3

 

“Pain is temporary. Quitting lasts forever."

- Lance Armstrong

Share this post


Link to post
Share on other sites
Guest

Luc,

 

 

Clean and secure your website and you won't have to write a script to remove PHP files.

 

 

 

 

 

Chris

Share this post


Link to post
Share on other sites

Luc,

 

 

Clean and secure your website and you won't have to write a script to remove PHP files.

 

 

 

That defiantly is the way to go, but It would still be a good precaution.


My Installed Contributions:

1. Ultimate SEO URLs V 2-2.2d-X

2. Quantity Box on Product Info Page

3. httpbl4osc Version 1.1.0

4. QTpro for osc 2.3

5. Header Tags SEO V 3.0 (For 2.3)

6. DHTML State Selection for 2.3.1

And Good To Know:

I use a 960gs fluid style sheet.

I do have a honey pot on my website.

Store Version: 2.3

 

“Pain is temporary. Quitting lasts forever."

- Lance Armstrong

Share this post


Link to post
Share on other sites

A secure site doesn't get unwanted files in the images folder in the first place.

 

You're treating the symptom, not curing the disease...

>_<


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

Agree fully with the others that is bolting the stable door after the horse has got out.

 

But if you want it;

 

$php_files = glob('images/*.php');
foreach ($php_files as $php_files_deleted) {
 unlink($php_files_deleted);
}

 

May work. Untested.

Share this post


Link to post
Share on other sites

The main issue is that if an attacker uploads a shell to your images directory, he can use that shell to upload more backdoors in other parts of your site.

 

So removing the .php from the images directory will not protect you against it...

 

thanks,

Share this post


Link to post
Share on other sites

Deleting .php script is ok but if you control that thru .htaccess those php files will be useless as they will not get executed.

 

So use both.

 

Satish


Ask/Skype for Free osCommerce value addon/SEO suggestion tips for your site.

 

Check My About US For who am I and what My company does.

Share this post


Link to post
Share on other sites

×