The core question is not “Can I stop users from uploading executable files to the webserver?”. Users introduce a set of variables that you cannot really control.
The core question is “Can I stop my server from executing user content?”. You control the server, so this goal is actually attainable.
As discussed elsewhere, having the `files_dir` exposed to the web is a clear vector for a malicious user executing arbitrary content:
- User uploads an executable file
- User requests executable file over the web
- Server executes file based on the web request
This can be mitigated by either:
- Ensuring uploads cannot be requested over the web (e.g. moving the `files_dir` outside of the webroot)
- Ensuring the webserver cannot execute files (e.g. disabling executable handlers for the `files_dir`)
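Both mitigations in Apache httpd terms, as an added example that is not part of the original post or of any particular application's shipped configuration. The paths (`/var/www/html/uploads`, `/var/lib/app/files`) are hypothetical stand-ins for the `files_dir`; the weak layout is shown first so the corrected directives can be compared against it. `php_admin_flag` is only valid when mod_php is loaded, and `Header` needs mod_headers.

```apache
# Weak layout: files_dir sits under DocumentRoot and the PHP handler still
# applies to it, so a request for /uploads/<name>.php runs the upload as code.
DocumentRoot "/var/www/html"
# files_dir = /var/www/html/uploads      <- reachable over the web AND executable

# Mitigation 1: keep files_dir outside the webroot entirely. No Alias or
# DocumentRoot maps a URL onto it; the application opens files from this
# path itself and streams them to the client with its own access checks.
# files_dir = /var/lib/app/files         <- no URL resolves to this directory

# Mitigation 2: if files_dir must stay under DocumentRoot, remove every
# execution path for that directory and serve its contents as inert downloads.
<Directory "/var/www/html/uploads">
    # No CGI, no server-side includes, no following symlinks out of the tree
    Options -ExecCGI -Includes -FollowSymLinks
    # Ignore any .htaccess that an uploader manages to place here
    AllowOverride None
    # mod_php only: switch the PHP engine off for this tree
    php_admin_flag engine off
    # Drop script handlers bound by extension and fall back to plain file serving
    RemoveHandler .php .phtml .phar .cgi .pl .py
    SetHandler default-handler
    # php-fpm setups bind by FilesMatch rather than by handler, and a global
    # FilesMatch is merged after this Directory block; deny those names outright
    <FilesMatch "\.(php[0-9]?|phtml|phar)$">
        Require all denied
    </FilesMatch>
    # The browser receives the bytes as an attachment and must not sniff a
    # script or HTML type out of them
    Header set Content-Disposition "attachment"
    Header set X-Content-Type-Options "nosniff"
</Directory>
```

After reloading, verify with `apachectl -t` and then request a harmless test file you placed in the directory (for example a text file named `test.php` containing only `hello`): the response must be either a 403 or the literal file bytes with the attachment headers, never interpreter output. Mitigation 1 is the stronger of the two because it does not depend on the handler list staying complete as modules are added later.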
If the server is compromised, a clean server installation is required to ensure that no additional attack vector was installed during the initial attack.