Can anyone guide me how to stop c:/windows/temp directory from malicious uploads using php under a shared environment? Someone on the server is able to upload spyware e.g. content stealers using php upload forms. The files are detected by anti-malware software like malwarebytes.
I am not sure if they are able to execute the files. I can try changing the temporary upload path for php uploads but what permissions should I set on it so as not to give that folder execute permission but still have legitimate users upload the files?
Any guidance will be greatly appreciated.