Welcome to WebmasterWorld Guest from

Forum Moderators: Ocean10000 & incrediBILL & phranque

Message Too Old, No Replies

Alert on file types uploaded?

Alert email informing me of any php files uploaded to apache?

10:37 pm on Oct 17, 2007 (gmt 0)

Junior Member

10+ Year Member

joined:May 27, 2003
votes: 0

Is there an easy way to record and be given an alert by email when certain file types are uploaded to my server?

Recently i have had my server hacked and php files were uploaded without my knowledge. The files were on the server for a long time before i spotted them.

I have patched the security hole that allowed the files to be uploaded but since i have so many files on my server - it is very difficult to know in future if this happens again.

I was hoping on an alert by email by anything such as a .php file was uploaded - that way if i have not uploaded this myself i will know immediately that there is a problem.

Perhaps there is a way to set this in apache or a pre-coded script is available somewhere online?

If not - would you think this is a large project to code from scratch?

Ideally i would want the alert however a .php files was placed on the server - upload, via a script, etc.

11:00 pm on Oct 17, 2007 (gmt 0)

Senior Member

WebmasterWorld Senior Member g1smd is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:July 3, 2002
votes: 0

Maybe there is a way to BLOCK such files from being uploaded?
9:08 pm on Oct 18, 2007 (gmt 0)

Junior Member

10+ Year Member

joined:May 27, 2003
votes: 0

Well i do need to upload .php files myself but maybe blocking certain folders would be helpful.

I think an email alert would be perfect as if i notice anything i had not uploaded or anyone else had not uploaded that was working on the site - i know straight away that the security has been compromised.

I have been working on a update for my site and there are many folders and files - it would be a mammoth tast to manually check these every day. Although the security hole has now been patched there are always new scripts, etc that may offer similar opertunitys in the future.

What worries me is that the file they uploaded went several months before being spotted and it was designed to get server access (passwords to just about anything).
So someone else has had access to my server for the last few months using it for something and i don't know what.

The only reason it was spotted is because Google has penalised my site and i had to look into why. It is likely because they did something Google did not like that i was unaware of.

I now have the hassle of checking every file on my server to see if anything else was placed & going through the process of a Google re-inclusion request, etc.

I knew while working on the update that there may be some security holes but was not too concerned as i had everything backed up - never thought it might lead to a Google penalisation.

Now at the last stages of the update - my traffic is low and it is a real downer.

I want to make sure the site is secure as can be so that if i can convince Google the site is now clean the problem will not happen again.

I would have though an email alert from certain file types would be a good thing and something others might have thought of in the past and perhaps there was a simple way of setting apache for this.

I am surpised that not many people have responded to this question as i am sure it is something that everyone would benefit from.

10:52 pm on Oct 18, 2007 (gmt 0)

Senior Member from CA 

WebmasterWorld Senior Member encyclo is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Aug 31, 2003
votes: 6

Are you actually using PHP? If not, then you can simply disable PHP on the server, or at least remove the associated MIME-type for .php files (see RemoveType [httpd.apache.org]).

It's important to note that files are not "uploaded to Apache" - Apache is simply the program which serves the files via HTTP. So the question is, how are these files being uploaded? FTP? That would be the FTP daemon, not Apache.

If you hare running a Unix-based server operating system, you can run a cron job, say once a minute, to remove permissions of any .php files.


Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members