ico files security?

  • Resolved cointacted

    (@cointacted)


    2 years, 7 months ago

    Hackers have been using .ico files for years now to to beat .php file blocking. They put .ico files in the WP /plugins/ folder and execute their hacker code with the .ico files instead of using .php files. So blocking .php files is useless against that very common hacking method. Do you have ico files blocking feature? Other security plugins have it.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Thread Starter cointacted

    (@cointacted)

    Another question – is this correct if I want to whitelist a plugin for executing php?

    ## WP Defender - Protect PHP Executed ##
SetEnvIf Request_URI "multi-currency-wallet-pro/.*$" whitelist
<Files *.php>
<IfModule mod_authz_core.c>
Require env whitelist
Require all denied
</IfModule>
</Files>
## WP Defender - End ##
    Plugin Support Williams – WPMU DEV Support

    (@wpmudev-support8)

    Hi @cointacted

    I hope you’re well today!

    ICO files “by design” are not “malicious by default” so they are not blocked but yes – they are taken into account. Defender’s Malware Scan should detect and pick them up if there is any malware code included in them so it should be reported to you if they are infected.

    As for the PHP execution “exceptions”, this looks fine to me but I’ve asked our Defender team for confirmation and I (or one of my colleagues) will update you on it soon.

    Best regards,
    Adam

    Plugin Support Williams – WPMU DEV Support

    (@wpmudev-support8)

    Hi @cointacted

    I just wanted to confirm that your code (to exclude form PHP execution blocking) is correct and should work just fine.

    Best regards,
    Adam

    Plugin Support Amin – WPMU DEV Support

    (@wpmudev-support2)

    Hello @cointacted ,

    We haven’t heard from you for a while now, so it looks like you don’t need our assistance anymore.

    Feel free to re-open this ticket if needed.

    Kind regards
    Kasia

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘ico files security?’ is closed to new replies.