Get started with PHP-Fusion

Start a New Thread

Users Participated

  • Wanabo
    Post made: 2
  • Kvido
    Post made: 1
  • Chan
    Post made: 1
  • Harlekin
    Post made: 1
  • zizub
    Post made: 2
  • filip212
    Post made: 1
  • RobiNN
    Post made: 2

  1. PHP-Fusion Support Forums
  2. PHP-Fusion 7 Support
  3. Security Issues & Announcements

PHP-Fusion 9 and 7 Security Announcements regarding ImageMime Exploits.

All information related to security, patches, hacked sites, tips, goes here

9 Replies 1,223 Views Last Updated on 22 days ago

Chan


Super Admin

#1

Posted 7 months ago

I'm strongly advising all sites on Fusion 7 and 9 to immediately update on these values to your .htaccess file soonest possible.
Code Gist: Download source  


ForceType application/octet-stream
<FilesMatch "(?i).jpe?g$">
    ForceType image/jpeg
</FilesMatch>
<FilesMatch "(?i).gif$">
    ForceType image/gif
</FilesMatch>
<FilesMatch "(?i).png$">
    ForceType image/png
</FilesMatch>

Posts: 3392

Joined: 25/09/2007

zizub


Member

#2

Posted 7 months ago

Chan - Thanks for the advice.

Posts: 92

Joined: 02/05/2012

RobiNN


Member

#3

Posted 7 months ago

Without this code
Code Gist: Download source  

ForceType application/octet-stream


Only this
Code Gist: Download source  


<FilesMatch "(?i).jpe?g$">
    ForceType image/jpeg
</FilesMatch>
<FilesMatch "(?i).gif$">
    ForceType image/gif
</FilesMatch>
<FilesMatch "(?i).png$">
    ForceType image/png
</FilesMatch>

Posts: 69

Joined: 10/11/2014

Wanabo


Senior Member

#4

Posted 7 months ago

With ForceType application/octet-stream in .htaccess it seems to block css. Site looks like no css is loaded.
Without ForceType application/octet-stream site is OK.

Does the rest of the htaccess work correctly without ForceType application/octet-stream in htaccess?
pHp-Fusion.Org, mods to enhance php-fusion.
pHp-Fusion.Asia & pHp-Fusion.Fr & pHp-Fusion.Cn are available for a localized support community. Send PB for info.

Posts: 499

Joined: 06/02/2006

zizub


Member

#5

Posted 7 months ago

My htaccess with ForceType application / octet-stream and my site is OK. Css working.

Posts: 92

Joined: 02/05/2012

Wanabo


Senior Member

#6

Posted 7 months ago

Double check with browser cache emptied! Initially I didn't notice because css was cached, after flushing cache I noticed.

Posts: 499

Joined: 06/02/2006

Kvido


Senior Member

#7

Posted 7 months ago

Writing in my .htaccess works. OK.

Posts: 440

Joined: 01/08/2007

filip212


Newbie

#8

Posted 24 days ago

in my htaccess doesnt work ok without is ok

Posts: 8

Joined: 18/09/2014

Harlekin


Junior Member

#9

Posted 23 days ago

1. .htaccess do not work on Windows Server, what can i do
2 . i found no .htaccess in PHP Fusion 7.02.07

Posts: 28

Joined: 22/03/2011

RobiNN


Member

#10

Posted 22 days ago

.htaccess does not work on Windows Server because is only for servers based on Apache. You must convert .htaccess to Web.config.

Posts: 69

Joined: 10/11/2014

Jump to Forum:
19 users are online
0 member and 19 guests