Hello members,

One of my community members told me that there is a possibility for someone to upload a c99 shell on IPB? 

My website is mostly used for downloads and I want to make sure shells like these are not a problem.

How can I prevent a c99 shell?

Thank you,

GPM

Hello,

1. It's php script.

php extension is unsafe. During uploading the file will be rename to c99_php.SOME_HASH (e.g. c99_php.18b1fc711d365d91b86eca2f8f1c80fc).

So you can not (in most cases (if you don't have "incorrect" configurations)) execute it as php.

2. c99 is old script and use some functions that has been removed in php 7. E.g. set_magic_quotes_runtime

To use IPS 4.4 you need PHP 7.1.0 or above (7.2.0 or above recommended)

So you can not execute script.