Best way to avoid attack by image update?

3

What is the best way to prevent an image attack? The attacker joins a malicious code in the image and updates the server and executes the code as if it were an image, how to avoid this type of attack?

    
asked by anonymous 25.02.2018 / 17:42

2 answers

0

See: link

This class specializes in handling uploads in PHP, so you can use the image_convert, allowed, and forbidden function before uploading:

    $foo->image_convert = format;
    $foo->allowed = array('application/pdf','application/msword', 'image/*');
    $foo->forbidden = array('application/*');

This ensures that the upload will be an image.

    
25.02.2018 / 20:10
0

Dude is a delicate subject where we will never really be sure until we find out that we have been affected by a new technique, but it is always good to prevent or at least try.

When I started studying, soon after about malicious images, I first tried to find out what it would look like, how it works, I still did not search the way I would like it, but I'll share what I found ...

See how a malicious image works in JavaScript HERE

In my thinking with PHP would not be much different.

Finding Google in search of a supposed quick solution but without proof that this really works, I will still have to test when there is more time left ...

Supposed solution in DevMedia HERE

Go ahead you build your logic or search some scripts that fit your solution.

I always validate the information entered by the user on the front-end and back-end , generate notifications / alerts for suspicious actions since today we are experiencing the era of attacks cybernetic, is part of the evolution, if you find some solution, please share with us = D.

    
04.12.2018 / 18:56