MakeWebGames

Posted

Recently there have been people complaining about their games having shells entered and tables dropped. I never heard of this type of hack before and was wondering if anyone could help me understand.

How do we protect our codes from shells and prevent them being entered, and what functions do we need to use? And most importantly, what areas of mccodes would most likely be a target to shell attacks or, to be more specific, what type of code would be a target to such attacks and what would secure it?

Regards

Posted

Somebody uploads a file or executes a PHP script that allows the user to enter shell commands or lets the user edit files or whatever. That file is called a shell script because it's just a PHP script that provides a web interface to your shell.

How to prevent this:

Secure file uploads - don't allow PHP scripts to be uploaded

Secure file reads - don't execute any uploaded files in any way. Read the contents of the file and echo them or similar, never eval or include uploads (even if they're 'image' files).

Prevent remote file inclusion - don't ever include files where the filename isn't hardcoded. So don't accept include values from say, url parameters or POST values, etc.
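
The three points in the answer above, sketched in PHP as an added example that is not part of the original post or MCCodes' own code. The function names, the `pages/` map and the upload directory are hypothetical.

```php
<?php
// Added example: names, paths and the page map below are hypothetical.
const ALLOWED_EXT = ['png' => 'image/png', 'jpg' => 'image/jpeg', 'gif' => 'image/gif'];

// Upload check: allowlisted extension, content that parses as that image type,
// and a server-chosen random name so the client never controls the filename.
function safe_upload_name(string $clientName, string $tmpPath): ?string {
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!isset(ALLOWED_EXT[$ext])) {
        return null;
    }
    $info = @getimagesize($tmpPath);
    if ($info === false || $info['mime'] !== ALLOWED_EXT[$ext]) {
        return null;
    }
    // Caller then uses move_uploaded_file() into a directory outside the web root.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Serving: the bytes are echoed with readfile(), never include()d or eval()ed,
// so a file that passed the image check but hides PHP is still inert.
function send_upload(string $dir, string $stored): bool {
    if (!preg_match('/^[0-9a-f]{32}\.(png|jpg|gif)$/', $stored)) {
        return false; // also stops ../ path traversal
    }
    $path = $dir . '/' . $stored;
    if (!is_file($path)) {
        return false;
    }
    header('Content-Type: ' . ALLOWED_EXT[pathinfo($stored, PATHINFO_EXTENSION)]);
    header('X-Content-Type-Options: nosniff');
    readfile($path);
    return true;
}

// Includes: the request only selects a key; every filename is hardcoded here.
function page_file(string $requested): string {
    $pages = ['home' => 'pages/home.php', 'bank' => 'pages/bank.php'];
    return $pages[$requested] ?? $pages['home'];
}

// Constructed inputs: a PHP script posing as an avatar, and a URL as a page name.
$tmp = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($tmp, '<?php echo "not an image";');
var_dump(safe_upload_name('avatar.php', $tmp));   // extension not on the allowlist
var_dump(safe_upload_name('avatar.png', $tmp));   // content is not a PNG
var_dump(send_upload(sys_get_temp_dir(), '../config.php'));
var_dump(page_file('http://example.test/shell.txt'));
unlink($tmp);
```

In a page controller the include would then read `require page_file($_GET['page'] ?? 'home');`, so a request value can only ever pick one of the hardcoded files.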
