Running Solaris/Apache/PHP.
Our user base needs to be able to upload files to the web servers, so we have to have php uploads enabled. Problem comes when users provide upload scripts that aren't restricted and an attacker uploads their own data. Often the attacker will upload their own data they want to serve up on the web server, or will upload another php script that gives them further access on the system.
- Is there a way to prevent PHP from uploading other php scripts from the system side (I know users could do this, but can't be certain they will)?
- What are some general security precautions that others take or best practice with handling the allowing of file uploads? How can we stop these scripts from being abused?
We have thousands of users, so checking that every upload script (be it custom, wiki, etc.) is secure seems just about impossible. I've have a script that checks for web writable directories and looks to see if there are appropriate .htaccess setting restrictions for those directories, but systems that have their own login systems that aren't .htaccess/.htpasswd based (wikis, etc.) won't use these, so these scripts don't really help in that regard.
Host your upload folder separate from any of the application scripts/binaries. Setup Apache so that it will not execute any cgi/php/etc code from the upload directory. Ideally host the upload data in a directory outside of the webroot.
Since you are hosting many users, use a PHP server/module so each user's code operates under their own userid.
Beyond that you cannot really protect a person able to publish code to your server from themselves. If they upload insecure code, then they will see the consequences. It is simply impossible to have 100% protection.