Wednesday, 2 June 2021

What is the best practice to prevent hacking by uploading PHP files to the public folder on Laravel?

Many PHP files, along with some WordPress files, were uploaded to my Laravel public folder. The same thing happened to another OpenCart website. I think the hacker is using the same method to do that. Could anyone help answer some of the following questions or give the best practices?

  1. How could a hacker upload PHP files to the website? Do they upload through a page that allows file uploads? Or do they attack by guessing the FTP username and password?
  2. How can we prevent this attack? Do we have to validate the file type on upload? And also configure server security, such as file and folder permissions, etc.?
  3. How do attackers find our website? We didn't share it anywhere, just uploaded it to a new server. Then a few months later it was attacked.


via Chebli Mohamed
