Hello board!
In 2007 we installed FCKEditor 2.4.1 and we are still using it, but we had to disable the images upload.
We have experienced an attack by some bad people who did find our FCKEditor installation and uploaded shell scripts instead of images. These scripts contained commands to try to compromise our server. They did not succeed, but it was not a nice experience.
Now I'm preparing a new RH Linux server and I'm installing the latest CKEditor 3.6.1, and would like to use the upload feature again. Is there a way to avoid this kind of attack? First, I will change the default directory's name.
Thank you, folks, for any suggestions.
Re: How to avoid upload of shell script instead of images
Hi Stefano631,
Regarding FCKeditor: only versions 2.6.5 and above can be considered safe.
However, we most sincerely recommend upgrading to CKEditor -- a much more modern, refined, and stable product. When coupled with CKFinder, our file browser solution, the file upload is safe and free from the errors that gave you trouble in the past. For more security tips and settings, see the CKFinder Developer's Guide, Security section, for the server-side version (PHP, Java, ASP.NET etc.) that you are going to use.
Documentation Manager, CKSource