Good day

Lately, I'm experiencing problems where users upload malicious files to the imagecache folder.

For example: /imagecache/100width_Left/r57.php_.jpg: PHP.Shell-16 FOUND and /imagecache/250h/ei3.php_.jpg: Trojan.PHP.C99Shell FOUND.

Is there any way to stop this?

Thank you.

Comments

vladan.me’s picture

I've stumbled across this issue accidentally but I think you should either update Drupal to latest version or try fixing it manually by following instructions written here https://drupal.org/SA-CORE-2013-003
In short, you need to locate .htaccess file in sites/default/files (assuming imagecache is located under sites/default/files/imagecache) and change it to mentioned one, hopefully will solve your problem