0

Last year I have allowed to users upload image files and pdf to ASP.NET site. After only one week the server was infected with viruses an infected files.

After research and month and trying lots of kinds of validations and advices i came to conclusion that there is nothing in my power as code developer that will track and filter the infected files.

Than i came to conclusion that I should use external server to maintain only the files, rather on the same server of the ASP.NET application.

I would like to use a server or host that will protect the files and will not allow infected files to be uploaded. instead of handling the security myself. I need that the server will allow to upload files from ASP.NET site, and to be able to download them by calling to the file by name and url maybe. Is there such services? what exactly i should look for?

Alexxx
  • 299
  • 1
  • 2
  • 9
  • "i came to conclusion that there is nothing in my power" well I do not know how you use the files after the upload, but you can avoid the infection of your server – Aristos Mar 17 '19 at 12:42
  • How? will be a huge deal for me if you reveal your best way for that – Alexxx Mar 17 '19 at 20:34
  • take a look at this answer -> https://stackoverflow.com/questions/4288362/ive-been-hacked-evil-aspx-file-uploaded-called-aspxspy-theyre-still-trying/4289379#4289379 – Aristos Mar 18 '19 at 12:01
  • also, the files you upload, what you do them later ? its up to you if will be "run" or they just data (image/text files) – Aristos Mar 18 '19 at 12:01
  • The files are images and pdfs - scanned documents, later they will be viewed – Alexxx Mar 18 '19 at 13:03
  • we found virus files with .jpg and .pdf extensions, i found no way to determine if files are infected before uploading them to server. – Alexxx Mar 18 '19 at 13:06
  • and how this files are run and infect anything ? – Aristos Mar 18 '19 at 14:42
  • each file has name and user can call each file to view it. some of files was a viruses that later was found by antivirus as infected - file look like regular file name.jpg – Alexxx Mar 22 '19 at 05:39
  • Ok, the view of a file, it may crash the functions that try to view it, but can not run, and not affect the server even if they have virus. its up to you to handle that files and avoid and block to run them. Also you can use some antivirus to check them right after you upload them. – Aristos Mar 22 '19 at 12:36

0 Answers0