Hello board!
In 2007 we installed FCKEditor 2.4.1 and we are still using it, but we had to disable the images upload.
We have experienced an attack by some bad people who did find our FCKEditor installation and uploaded shell scripts instead of images. This scripts contained commands to try to compromise our server. They did not succeed, but was not a nice experience.
Now I'm preparing a new RH Linux server and I'm installing the last CKEditor 3.6.1, and would like to use the upload feature again. Is there a way to avoid this kind of attacks? As first, I will change the default directory's name.
Thank you folk for any suggestions.
In 2007 we installed FCKEditor 2.4.1 and we are still using it, but we had to disable the images upload.
We have experienced an attack by some bad people who did find our FCKEditor installation and uploaded shell scripts instead of images. This scripts contained commands to try to compromise our server. They did not succeed, but was not a nice experience.
Now I'm preparing a new RH Linux server and I'm installing the last CKEditor 3.6.1, and would like to use the upload feature again. Is there a way to avoid this kind of attacks? As first, I will change the default directory's name.
Thank you folk for any suggestions.
Re: How to avoid upload of shell script instead of images
CKFinderDeveloper's Guide
Documentation Manager, CKSource
See CKEditor 5 docs, CKEditor 4 docs, CKEditor 3 docs, CKFinder 3 docs, CKFinder 2 docs for help.
Visit the new CKEditor SDK for samples showcasing editor features to try out and download!