I can give you a partial example that I have posted on my website. But it involves a bit, because if they were able to get an executable file to your server and it ran automatically, they could create/edit an .htaccess file and use a handler to make any file run as PHP. So make sure after you have placed an .htaccess file in your uploads directory that it is not writable.
```apache
# Disable any cgi-scripts and prevent directory browsing
Options -ExecCGI -Indexes

# Whitelist the following file extensions
# This includes the blocking of double extensions using [^.]
# With Order Allow,Deny, anything not matched by an Allow is denied
Order Allow,Deny
<FilesMatch "^[^.]+\.(?i:jpe?g|png|gif)$">
Allow from all
</FilesMatch>

# Secure MIME-types
<FilesMatch "\.[Jj][Pp][Ee]?[Gg]$">
ForceType image/jpeg
</FilesMatch>
<FilesMatch "\.[Pp][Nn][Gg]$">
ForceType image/png
</FilesMatch>
<FilesMatch "\.[Gg][Ii][Ff]$">
ForceType image/gif
</FilesMatch>

# Make sure mod_rewrite is running
RewriteEngine On

# Disable scripts: anything not on the whitelist gets the cgi-script handler,
# which Options -ExecCGI above refuses to execute
RewriteRule !^[^.]+\.(?:jpe?g|png|gif)$ - [H=cgi-script,NC,L]
```
The reason you want to make sure that you use ForceType for the images is to keep anyone from trying to add a handler to an image file to make it run as PHP, like I mentioned above.
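An added example, not part of the original post: a small audit script that checks an uploads directory against the two conditions described above, namely that the `.htaccess` file is present and not writable, and that every stored file name passes the same single-dot image whitelist. The function name `audit_uploads` and the extra executable-bit check are assumptions made for illustration.

```python
import os
import re
import sys

# Python form of the post's whitelist regex: exactly one dot, then an
# image extension in any letter case. fullmatch() anchors both ends.
ALLOWED = re.compile(r"[^.]+\.(?i:jpe?g|png|gif)")


def audit_uploads(upload_dir):
    """Return a sorted list of (path, problem) findings for upload_dir."""
    findings = []
    htaccess = os.path.join(upload_dir, ".htaccess")
    if not os.path.isfile(htaccess):
        findings.append((htaccess, "missing"))
    elif os.stat(htaccess).st_mode & 0o222:
        # Any write bit (owner, group or other) counts as writable.
        findings.append((htaccess, "writable"))

    for root, _dirs, files in os.walk(upload_dir):
        for name in files:
            path = os.path.join(root, name)
            if path == htaccess:
                continue
            if not ALLOWED.fullmatch(name):
                # Catches double extensions, other file types and any
                # additional .htaccess dropped into a subdirectory.
                findings.append((path, "not whitelisted"))
            elif os.stat(path).st_mode & 0o111:
                # Assumption: stored images never need an execute bit.
                findings.append((path, "executable bit set"))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python audit_uploads.py /path/to/uploads
    problems = audit_uploads(sys.argv[1])
    for path, problem in problems:
        print(f"{problem}: {path}")
    sys.exit(1 if problems else 0)
```

The mode-bit check only covers the file's own permissions; on POSIX systems a process with write access to the directory can still replace the file, so directory ownership needs a separate review.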