protected hosting

rave

New member
hello

i want to know that does gigarank free hosting stops files of my members in my site from malware or virus files from being uploaded?


i want to confirm that many ppl from around the world visits our site. so some ppl may upload c99shell or r57shell to inject mysql in my site or may try to hack site.

is gigarank website running antivirus to stop that kind of files?

is there any way to stop them? or any feature i need to enable in my cpanel to stop c99shell or r57shell from being uploaded in my website directory?
 

un4saken

Administrator
Hello rave,

Unfortunately we don't scan uploaded files in real time. Think about 300 customers uploading 100 files per hour, this would have a huge impact on the performance if we scan them. However there's a "Clam AV Antivirus" plugin in your cPanel to scan your directories.
 

rave

New member
so what is the best way for me to stop c99shell or r57shell from being uploaded to my site by my site visitors?
 

marcoxd

New member
You should test the file contents.
I recommend using php fileinfo. You can get it's mime type and allow only the safe ones.
 

GigaGreg

Moderator
Staff member
jango said:
if i hosted in your server is my website really protected from ddos for free?

Only webhosting account is protected from DDoS for free. If you had a VPS, you would have to protect the server on your own.
 

marcoxd

New member
Also, put a .htaccess file in the uploads dir with Deny from all on it.
It will deny people from acessing files via web in this folder.
 

grimmallod

New member
For protecting your website even on this hosting I suggest few steps:
1) check your soft (ngix, apache etc.) for updates
2) try to scan your website with autoscanners (owasp zap proxy, nikto, skipfish for example)
3) scan your site with burp suite step by step
4) check all your sql (if you have) for filters
that will give you enough info about your security in a cople of hours:)
 

squishproxy

New member
I would think, any uploaded files, would be monitored by yourself, as it is your responsibility to be careful and make sure these things don't come up when you put said service up for anyone to use.
 

ferreira

New member
grimmallod said:
For protecting your website even on this hosting I suggest few steps:
1) check your soft (ngix, apache etc.) for updates
2) try to scan your website with autoscanners (owasp zap proxy, nikto, skipfish for example)
3) scan your site with burp suite step by step
4) check all your sql (if you have) for filters
that will give you enough info about your security in a cople of hours:)

If you are using autoscanner does not go againt TOS?
 

Genesis

Administrator
Staff member
ferreira said:
grimmallod said:
For protecting your website even on this hosting I suggest few steps:
1) check your soft (ngix, apache etc.) for updates
2) try to scan your website with autoscanners (owasp zap proxy, nikto, skipfish for example)
3) scan your site with burp suite step by step
4) check all your sql (if you have) for filters
that will give you enough info about your security in a cople of hours:)

If you are using autoscanner does not go againt TOS?
Indeed it does. Well spotted.