So far, I still don't know exactly how the files were uploaded, which troubles me somewhat, but the PHP shell script that was placed in the cache dir on one site was used to attack other sites.
Okay, I had a think about things and a potential security enhancement is to put the following into a .htaccess file in the /cache and /templates_c directories:
<Limit GET>
    order deny,allow
    deny from all
    #allow from .my.domain
</Limit>
<Limit POST>
    order deny,allow
    deny from all
    #allow from .my.domain
</Limit>
This will prevent anyone from loading any file from those dirs in their browser, if they know the file name, and also submitting via POST. This should (in theory) stop a script kiddie from using a script if they manage to upload it to those directories.
Obviously, it won't stop them if they know to look for the .htaccess file and are able to delete/alter it, but it is an extra layer.
It would be better if you are able to put it in the virtualhost directive for your site in httpd.conf, for example
# the address and port are placeholders; use your site's own
<VirtualHost *:80>
    # other stuff here
    <Directory "/path/to/cache">
        <Limit GET>
            order deny,allow
            deny from all
            #allow from .my.domain
        </Limit>
        <Limit POST>
            order deny,allow
            deny from all
            #allow from .my.domain
        </Limit>
    </Directory>
    <Directory "/path/to/templates_c">
        <Limit GET>
            order deny,allow
            deny from all
            #allow from .my.domain
        </Limit>
        <Limit POST>
            order deny,allow
            deny from all
            #allow from .my.domain
        </Limit>
    </Directory>
</VirtualHost>
Comments?
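A hardened version of the same idea, added here as an example; it is not part of the post above and not the site's own configuration. It assumes Apache 2.2 or 2.4 with the standard authorization modules (mod_authz_host on 2.2, mod_authz_core on 2.4), and that `AllowOverride Limit AuthConfig Options` is set for the /cache and /templates_c directories so the .htaccess is honoured. It differs from the `<Limit GET>` / `<Limit POST>` approach in two ways: the deny sits outside any `<Limit>` section, so it applies to every request method (a GET/POST limit leaves PUT, DELETE, OPTIONS, TRACE and unknown methods unrestricted, which is why the Apache documentation advises against placing access controls inside `<Limit>`), and files with PHP extensions are additionally refused by name as a second layer.

```apache
# Added example, not the poster's config: .htaccess for a writable
# directory such as /cache or /templates_c that must never serve content.
# Assumes Apache 2.2 or 2.4 and AllowOverride Limit AuthConfig Options.

# 1. Refuse every request method. No <Limit> section, so PUT, DELETE,
#    OPTIONS, TRACE and custom methods are covered as well as GET/POST.
<IfModule mod_authz_core.c>
    # Apache 2.4
    Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
    # Apache 2.2
    Order deny,allow
    Deny from all
</IfModule>

# 2. Second layer: even if the rule above is later loosened (for example
#    an "allow from" line is re-enabled), anything with a PHP-like
#    extension in this directory is still refused by name.
<FilesMatch "\.(php|phtml|php[0-9]|phar)$">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order deny,allow
        Deny from all
    </IfModule>
</FilesMatch>

# 3. No directory listings and no CGI execution from here.
Options -Indexes -ExecCGI
```

The same body can be placed inside `<Directory "/path/to/cache">` in the virtual host instead of a .htaccess file, which also removes the risk of the file being deleted by whatever wrote the shell; run `apachectl configtest` after editing either. Note that these rules only govern direct HTTP requests to the directory: they do not stop a script that another PHP file on the same host includes from disk, so where the application allows it, keeping cache and compiled-template directories outside the document root is the stronger fix.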