SHAD Posted March 6, 2010 Posted March 6, 2010 Recently their have been people complaining about their games having shells entered and tables dropped. I never heard of this type of hack before and was wondering if anyone could help me understand. How do we protect our codes from shells and prevent them being entered and what functions do we need to use? and most importantly what areas of mccodes would most likely be a target to shell attacks or to be more specific,what type of code would be a target to such attacks and what would secure it? Regards Quote
Danny696 Posted March 6, 2010 Posted March 6, 2010 Its a file uploaded to your sever, the hacker will then open the file e.g shall.txt and it will run the php/other script. Quote
SHAD Posted March 6, 2010 Author Posted March 6, 2010 So what would be the best way to prevent this? Quote
Zeggy Posted March 6, 2010 Posted March 6, 2010 Somebody uploads a file or executes a php script that allows the user to enter shell commands or lets the user edit files or whatever. That file is called a shell script because it's just a php script that provides a web interface to your shell. How to prevent this: Secure file uploads - don't allow PHP scripts to be uploaded Secure file reads - don't execute any uploaded files in any way. Read the contents of the file and echo them or similar, never eval or include uploads (even if they're 'image' files). Prevent remote file inclusion - don't ever include files where the filename isn't hardcoded. So don't accept include values from say, url parameters or POST values, etc. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.