Most web based attacks tend to occur by uploading malicious scripts into world writable directories such as cache, and then letting the web server execute those scripts. In apache, one of preventing such scripts from being executed is to add a “.htaccess” file in that directory and insert the following lines

cd /var/www/html/mydomain/uploads
vim .htaccess

Options -ExecCGI
AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi

Be Sociable, Share!