-1

I have a custom laravel folder structure and I follow this Option2

and this is my folder right now.

enter image description here

but when I try to create a test.php on root and try to visit it on URL, I can visit it. How to disable random PHP to avoid from hackers ? cause my site got down cause someone upload a php script.

Community
  • 1
  • 1
Storm Spirit
  • 1,440
  • 4
  • 19
  • 42
  • Your problem seems to be that people are able to upload random php scripts to your site. Not "vanilla php", whatever that means. Try and find out how it's possible to upload php scripts and fix those security holes. – Sejanus Aug 08 '16 at 06:04
  • I don't have uploader on my site. – Storm Spirit Aug 08 '16 at 06:15

1 Answers1

0

There is no such thing as "vanilla" php. index.php is simply php, and to disable it would disable that as well. Also: If you could find a way to disable everything but index.php, they could simply just overwrite index.php and execute their code.

If you want to protect against hackers, look for the exploits (Where they're getting in), and patch/fix them. If you're using custom plugins, make sure they're up to date. You can also look into scripts like this that will scan files for hacks.

You can also harden PHP by disabling functionality commonly used by hackers (Be careful as this may break existing functionality of your site).

Blue
  • 22,608
  • 7
  • 62
  • 92
  • the index.php is from `laravel` and I don't want other files can be open using like this `localhost/mysite/test.php` – Storm Spirit Aug 08 '16 at 05:54