On Tue, 2015-03-24 at 16:15 +1300, Steve Holdoway wrote:
> On Mon, 2015-03-23 at 19:57 -0700, Robert Paprocki wrote:
> > Sounds like you either have a vulnerable web application or a hole in your
> > system's security. If the root of your problem is that you're having content
> > uploaded to your server without your consent, you're asking the wrong
> > question.
> > 
> > If your app does allow for arbitrary file upload, you can disallow certain 
> > file extensions, but that should be handled in whatever WordPress plugin
> > you're using. 
> > 
> Well, I'm going for the multiple levels of protection approach, but am
> trying to mate that with a 'simple to maintain' methodology.
> 
> So, yes I'd like to do both, but without being heavy-handed on the
> website owners.
> 
> 
> Steve
Just had another attack on a Drupal site. Should I resort to weird
ownership / permissions at a system level? That just makes it really
difficult for the client to keep their site current, which is pretty
counter-productive. I did work out a couple of scripts for Magento to
chown nobody / chattr +i to lock a site down when in 'production mode'
and vv, but it is still an imposition.

Steve
-- 
Steve Holdoway BSc(Hons) MIITP
http://www.greengecko.co.nz
Linkedin: http://www.linkedin.com/in/steveholdoway
Skype: sholdowa

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
