my forum got hacked 3 times, and i detected the hacker use RFI(Remote
file inclusion) after i found an avatar image contain Phpshell code
inside it. and the weird thing is when i tried to use RFI on Apache it
will not run the phpshell,
Itâs not precisely the same, since you have rfi.php?hal=ass.jpg and not
rfi.php/ass.jpg, but it feels like the same bug, and youâre only a
rewrite rule away from having exactly the problem command line.
The short answer is to add this:
try_files $uri =404;
or this:
if (!-f $request_filename) { return 404; }
to your PHP configuration in the PHP fastcgi configuration block.
its not working man⌠i added the line you gave and i think you can
still access it
Donât know, then, sorry. Maybe post your log and the php configuration
that youâre using? Someone else will likely need to help from this
point. My post was a shot in the dark because your issue looked so much
like the php fastcgi issue that I linked to.
Tim
This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.