PHP temporary uploads

Posted by Hpkp4k under IIS on 10/10/2013 | Points: 10 | Views : 2169 | Status : [Member] | Replies : 0

Can anyone guide me how to stop c:/windows/temp directory from malicious uploads using php under a shared environment? Someone on the server is able to upload spyware e.g. content stealers using php upload forms. The files are detected by anti-malware software like malwarebytes.

I am not sure if they are able to execute the files. I can try changing the temporary upload path for php uploads but what permissions should I set on it so as not to give that folder execute permission but still have legitimate users upload the files?

Any guidance will be greatly appreciated.



(No response found.)

Login to post response