Disable PHP Execution
Posted by Pacific Host on 04 December 2011 03:49 PM

To prevent PHP code from executing inside your image directories, which is mostly where hackers upload their phishing scripts, paste this code into a .htaccess file inside each image directory:

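# Block web access to this .htaccess file itself
<Files .htaccess>
order allow,deny
deny from all
</Files>

# Turn off the PHP engine (mod_php) and CGI execution in this directory
php_flag engine off
Options -ExecCGI

# Refuse requests for script files. With no <Limit> wrapper the deny applies to every HTTP method.
<FilesMatch "\.(php|pl|sh|cgi)$">
order deny,allow
deny from all
</FilesMatch>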


If you are on a server that uses suPHP, you will need to use this .htaccess code instead:

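# Directory that holds the php.ini suPHP should load for this folder
suPHP_ConfigPath /home/USERNAME/public_html/img
# SetEnv takes a variable name first; PHPRC is the variable PHP reads to locate php.ini
SetEnv PHPRC /home/USERNAME/public_html/img/php.ini

# Block web access to this .htaccess file itself
<Files .htaccess>
order allow,deny
deny from all
</Files>

Options -ExecCGI

# Refuse requests for script files. With no <Limit> wrapper the deny applies to every HTTP method.
<FilesMatch "\.(php|pl|sh|cgi)$">
order deny,allow
deny from all
</FilesMatch>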

Note: Make sure you replace USERNAME with your account username, and adjust the path so that it points to your image directory.

You will also need to create a php.ini file in that directory with this as its contents:

engine = Off
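
To confirm the rules above are actually in place, the following shell functions audit one image directory. This is an added example, not Pacific Host's code: the function names are hypothetical, and it assumes php.ini sits in the image directory itself, as in the suPHP example above.

```shell
#!/bin/sh
# Added example: audit an image directory for the hardening in this article.
# Usage: check_img_dir /home/USERNAME/public_html/img
#        find_scripts  /home/USERNAME/public_html/img

# Succeeds if FILE ($1) has an active (uncommented) line matching regex $2.
# Patterns are anchored at line start, so "# php_flag ..." does not count.
has_directive() {
    grep -Eiq "$2" "$1" 2>/dev/null
}

# Prints one line per missing protection; returns 0 only if none are missing.
check_img_dir() {
    dir=$1; ht="$dir/.htaccess"; rc=0
    [ -f "$ht" ] || { echo "$dir: no .htaccess"; return 1; }

    # PHP must be off: php_flag (mod_php), or suPHP_ConfigPath plus php.ini.
    if ! has_directive "$ht" '^[[:space:]]*php_flag[[:space:]]+engine[[:space:]]+off'; then
        if ! has_directive "$ht" '^[[:space:]]*suPHP_ConfigPath[[:space:]]' ||
           ! has_directive "$dir/php.ini" '^[[:space:]]*engine[[:space:]]*=[[:space:]]*off'; then
            echo "$dir: PHP engine not disabled"; rc=1
        fi
    fi
    has_directive "$ht" '^[[:space:]]*Options[[:space:]].*-ExecCGI' ||
        { echo "$dir: Options -ExecCGI missing"; rc=1; }
    has_directive "$ht" '^[[:space:]]*<FilesMatch[[:space:]]' ||
        { echo "$dir: FilesMatch deny block missing"; rc=1; }
    return $rc
}

# Lists files with the extensions the FilesMatch rule targets, in any letter
# case, so an upload such as shell.PHP in an image directory stands out.
find_scripts() {
    find "$1" -type f \( -iname '*.php' -o -iname '*.pl' \
        -o -iname '*.sh' -o -iname '*.cgi' \) | sort
}
```

Any file that find_scripts reports inside an image directory is worth reviewing, since such directories should normally contain images only.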
