Malicious file uploading is a type of attack in which files containing some form of backdoor code are placed onto a server or computer so that the attacker can gain access afterward. These attacks usually take advantage of misconfigured web applications, which is why most modern web frameworks include protection features against this vulnerability in their software design.
What is the danger of letting your users upload files?
The dangers can vary depending on which website or framework you are using but there are generally two different kinds:
- Websites with a high traffic volume are usually the most vulnerable to this attack as they have a greater chance of being targeted. Since these sites can be accessed by many users per day, they become popular targets for hackers looking to compromise the server and steal passwords or sensitive information from it. If you have a site with user uploads enabled, your website might find itself being used as part of a botnet if it has been compromised with malware that is allowed to continue running on it without detection or intervention from an administrator.
- In cases where websites do not run any heavy scripts such as PHP or CGI, attackers tend to focus on uploading malicious files containing virus code instead. These types of files can spread the infection across the network and every computer that your website visitors might have access to. This can be especially dangerous if you run a publicly available file server or any kind of software distribution website.
How do such attacks happen?
Most attacks happen because of a lack of security on websites with user uploads enabled. Popular sites like YouTube and Photobucket tend to implement very strict security measures which means they don’t make for very good targets. Attackers usually focus more on smaller, less popular sites because there is a higher chance the owner won’t know about these kinds of vulnerabilities and will let users upload content without any restrictions.
What can I do to protect myself from such an attack?
The best way to protect yourself from this type of attack is to only allow uploads from trusted users. This might sound like a bad idea because you will need to provide some sort of registration process, but it isn’t much different from what already exists on most popular websites today.
Another important thing to do is run regular security audits on your website and identify any files that don’t belong there. If they were uploaded by mistake or contain random code, chances are you will find them quickly by reviewing web server logs and access records. Even if one does get through, you will be able to delete it before any damage can be done, which makes this method more than adequate for smaller websites without many visitors.
How can I avoid uploading files with harmful code?
The best way to avoid uploading files with harmful code is to use an antivirus scanner. You don’t even need one that’s specifically designed for web servers since they tend to be much more resource-heavy than your average desktop application. A few of the most popular ones are AVG, Avast and Bitdefender, which perform just as well against this type of attack as their larger counterparts.
What can I do if I find a backdoor in one of my uploaded files?
This really depends on how you were compromised in the first place, but usually deleting the file should be enough to remove any malware or virus code associated with it. You might want to take some additional steps afterward by updating the virus definition database of your antivirus scanner and making sure all software on the system has been patched with the latest security updates.