My Situation:
I am creating a web application with PHP which allows users to scan their files for viruses. It allows the user to upload their files via the HTML "file" input type or via a URL. I have successfully built the HTML and PHP side of things and users are able to successfully upload files onto my server. I am using Windows Server 2012 R2 with IIS as my server.
My Question:
As far as I am aware, there is little to no security in place (both script and server side) to avoid security/attack vulnerabilities on my website or, yet worse, on the server itself. I am aware that attackers could potentially upload and execute files that can hack my server. So, what steps can I take to try and eliminate these issues?
Things I Am Aware Of:
Due to the research I conducted, it is my understanding that I could potentially do the following to strengthen myself; however, these are all theories, and I have no idea how to actually put them in place (hence why I am asking):
Restriction on file types (yes, I could potentially block .php files, but as an example, I cannot block common .exe's as the user would most likely scan an executable). What is the correct balance for this sort of service, as limiting too many file types just removes usability?
Storing uploaded files on a different drive: my site directory is on the C drive and I have an empty D drive I could use. How do I disable the server from executing anything on that specific drive? How do I stop hackers from navigating to that drive and executing the uploaded files?
Things I have Tried:
- I have created a function to rename the uploaded file to an MD5 hash of it, with a unique ID at the beginning, so the user cannot identify the file easily.
- Limited file type to remove .php uploads? Perhaps there are others which would be valid for my purpose?
Conclusion:
So essentially, as well as answers to the minor questions above, I am looking for a list of actions I can take to strengthen the application and server, to eliminate any possible threats. Thanks
Code:
As a side note, below you can see my code, just in case you spot anything serious in there, or there is extra security which can be added to the code:
PHP:
<?php
// Destination directory (relative to this script, i.e. inside the web root)
$upload_directory = "uploads/";
// Reuse the client-supplied file name (basename() strips any directory part)
$uploaded_file = $upload_directory . basename($_FILES["file"]["name"]);
$upload_ok = 1;
// Extension is taken from the client-supplied name, lower-cased so "JPG" matches "jpg"
$image_file_type = strtolower(pathinfo($uploaded_file, PATHINFO_EXTENSION));
// check for files bigger than 8 MB (8388608 bytes)
if($_FILES["file"]["size"] > 8388608){
print "your file exceeds 8mb";
$upload_ok = 0;
exit();
}
// only allow certain file types (compared against a whitelist of extensions)
if(!in_array($image_file_type, array("jpg", "png", "jpeg", "gif"), true)){
print "invalid file type";
$upload_ok = 0;
exit();
}
// upload it: move the temporary file into the uploads directory
if($upload_ok != 0){
move_uploaded_file($_FILES["file"]["tmp_name"], $uploaded_file);
}
HTML:
<form method="post" action="index.php" enctype="multipart/form-data">
<label>Select Desired File</label><br>
<input type="file" name="file" id="file">
<input type="submit" name="submit" value="Scan File">
</form>
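As an added example (not the asker's code), here is how the three ideas in the question fit together in one PHP upload handler: check PHP's own upload error code and `is_uploaded_file()` before trusting anything, enforce the size limit on the file that actually arrived, store the file under a random name with no extension in a directory outside the web root, and keep the original name only as display metadata. The quarantine path `D:\quarantine\` and the helper name `storeUploadForScanning` are assumptions for illustration.

```php
<?php
// Added example, not the original post's code. Assumption: D:\quarantine\ exists,
// is writable by the IIS application pool identity, and is NOT the physical path
// of any IIS site or virtual directory, so IIS has no URL that maps to it.
declare(strict_types=1);

const MAX_UPLOAD_BYTES = 8388608;            // 8 MiB, the limit used in the question
const QUARANTINE_DIR   = 'D:\\quarantine\\'; // hypothetical path outside the web root

function storeUploadForScanning(array $file): array
{
    // 1. Trust PHP's upload error code, not the presence of a file name.
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        return ['ok' => false, 'reason' => 'upload failed (code ' . ($file['error'] ?? 'unknown') . ')'];
    }
    // 2. Confirm the temp file was really uploaded in this request.
    if (!is_uploaded_file($file['tmp_name'])) {
        return ['ok' => false, 'reason' => 'not an uploaded file'];
    }
    // 3. Enforce the size limit on the bytes on disk, not the client-reported size.
    $size = filesize($file['tmp_name']);
    if ($size === false || $size > MAX_UPLOAD_BYTES) {
        return ['ok' => false, 'reason' => 'file exceeds 8 MB'];
    }
    // 4. Never reuse the client's name or extension. A random name with no
    //    extension matches no handler mapping, so nothing will execute it even
    //    if a directory were ever exposed by mistake.
    $storedName = bin2hex(random_bytes(16));
    $dest = QUARANTINE_DIR . $storedName;
    $sha256 = hash_file('sha256', $file['tmp_name']);

    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        return ['ok' => false, 'reason' => 'could not store file'];
    }
    // 5. Keep the original name and a sniffed MIME type as metadata only;
    //    escape 'original_name' with htmlspecialchars() whenever it is displayed.
    $meta = [
        'stored_as'     => $storedName,
        'original_name' => basename($file['name']),
        'sha256'        => $sha256,
        'size'          => $size,
        'mime_sniffed'  => (new finfo(FILEINFO_MIME_TYPE))->file($dest) ?: 'unknown',
        'received_at'   => gmdate('c'),
    ];
    file_put_contents($dest . '.json', json_encode($meta, JSON_THROW_ON_ERROR));
    return ['ok' => true, 'meta' => $meta];
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['file'])) {
    $result = storeUploadForScanning($_FILES['file']);
    header('Content-Type: text/plain; charset=utf-8');
    if ($result['ok']) {
        // Only the opaque id goes back to the client; the real path never leaves the server.
        echo 'received, id=' . $result['meta']['stored_as'] . "\n";
    } else {
        http_response_code(400);
        echo 'rejected: ' . $result['reason'] . "\n";
    }
}
```

Two points about the design. First, there is no extension whitelist here: for a virus-scanning service the dangerous property is not the extension but where the file lands and under what name, so the handler makes the stored object unaddressable (random name, no extension, outside any IIS site) and lets the scanner decide what the bytes are. Second, the scanner should read the file by its opaque id from the quarantine directory; nothing on the web side ever builds a URL to it. Set `upload_max_filesize` and `post_max_size` in php.ini to the same 8 MB so PHP rejects oversized bodies before this code runs.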