Halp File Upload Script

Jonny_B

Can anyone recommend a good file uploader script? Looking for password protected access (I can use .htaccess as long as that won't break the script), multiple file upload, and directory listing of uploaded files.
 

Josh

I'd stay away from celerondude's script. It hasn't been updated in several years and has several known security vulnerabilities possibly leading to full root on the server it is installed on (depending on the security of the server). You'd be amazed how many script kiddies and bots hammer my webhost daily looking for the script and its vulnerabilities.
 

fly

> I'd stay away from celerondude's script. It hasn't been updated in several years and has several known security vulnerabilities possibly leading to full root on the server it is installed on (depending on the security of the server). You'd be amazed how many script kiddies and bots hammer my webhost daily looking for the script and its vulnerabilities.
I know the older versions had some serious issues. You sure about the "latest" one?

edit: They have an active-ish forum, and no mention of security issues...
 

plot

most of the security vulnerabilities i'm aware of were php issues more than celerondude's script's issues, which have long since been fixed. if you're running a server from 2005, you might want to check it... otherwise, I've had the script going on my website for a long time and outside of the issues 6+ years ago, haven't had any problems since.

back then i got rooted a few times but i blame one of the random dudes on genmay with cheap hosting co's and i lost nothing in the process, just script kiddies defacing the main page (but were nice enough to create a backup).

I consider it a pretty low risk these days.
 

fly

> most of the security vulnerabilities i'm aware of were php issues more than celerondude's script's issues, which have long since been fixed. if you're running a server from 2005, you might want to check it... otherwise, I've had the script going on my website for a long time and outside of the issues 6+ years ago, haven't had any problems since.
>
> back then i got rooted a few times but i blame one of the random dudes on genmay with cheap hosting co's and i lost nothing in the process, just script kiddies defacing the main page (but were nice enough to create a backup).
>
> I consider it a pretty low risk these days.
MADE2OWN FOR LIFE
 

Jonny_B

> most of the security vulnerabilities i'm aware of were php issues more than celerondude's script's issues, which have long since been fixed. if you're running a server from 2005, you might want to check it... otherwise, I've had the script going on my website for a long time and outside of the issues 6+ years ago, haven't had any problems since.
>
> back then i got rooted a few times but i blame one of the random dudes on genmay with cheap hosting co's and i lost nothing in the process, just script kiddies defacing the main page (but were nice enough to create a backup).
>
> I consider it a pretty low risk these days.
are you using the 6.1 version that's still freely available, or one of the later versions that appear to be gated?
 

Josh

6.1

If you do insist on running the uploader, I highly suggest disabling public account creation. I had some Saudi retards upload h4x.php.gif and shit like that to the server I used to have the uploader script on. I don't know how public uploaders can stay public without being hosed every 5 minutes by script kiddies, even with insane security controls.
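
Added example, not part of the post above and not code from the uploader script discussed in this thread: one way an image-only uploader can handle names like the `h4x.php.gif` mentioned above, which matter on servers configured to treat any `.php` component of a filename as PHP. The function name, the allow-list, the extension block-list and the sample uploads are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical policy for an image-only uploader (assumption, not from the thread):
// allowed final extension => magic bytes the file must start with.
const ALLOWED = [
    'gif' => ["GIF87a", "GIF89a"],
    'png' => ["\x89PNG\r\n\x1a\n"],
    'jpg' => ["\xFF\xD8\xFF"],
];
// Extensions a web server may map to an interpreter; rejected anywhere in the name.
const EXECUTABLE = ['php', 'php3', 'php4', 'php5', 'phtml', 'phar', 'cgi', 'pl', 'py', 'sh'];

/**
 * Returns a server-generated storage name, or null if the upload is rejected.
 * $clientName is the untrusted filename, $head the first bytes of the file.
 */
function safeStorageName(string $clientName, string $head): ?string
{
    $parts = explode('.', strtolower(basename($clientName)));
    if (count($parts) < 2) {
        return null;                          // no extension at all
    }
    $ext = array_pop($parts);                 // final extension
    array_shift($parts);                      // drop the stem, keep inner extensions
    if (!array_key_exists($ext, ALLOWED) || array_intersect($parts, EXECUTABLE)) {
        return null;                          // wrong type, or a name like "h4x.php.gif"
    }
    foreach (ALLOWED[$ext] as $magic) {
        if (strncmp($head, $magic, strlen($magic)) === 0) {
            // Never reuse the client's name: one random stem, one extension.
            return bin2hex(random_bytes(16)) . '.' . $ext;
        }
    }
    return null;                              // extension and content disagree
}

// Constructed sample uploads: [client filename, first bytes of content].
$samples = [
    ['cat.gif',     "GIF89a\x01\x00"],
    ['h4x.php.gif', "GIF89a\x01\x00"],
    ['h4x.gif',     "plain text, not an image"],
    ['notes.php',   "plain text, not an image"],
];
foreach ($samples as [$name, $head]) {
    printf("%-12s => %s\n", $name, safeStorageName($name, $head) ?? 'REJECTED');
}
```

Only `cat.gif` is accepted, and it is stored under a random name. Keeping the upload directory outside the web root, or with script execution disabled for it, covers the cases a filename check misses.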
 

plot

6.1

some a-holes took celeron's free script and then expected full support for it, threatened to sue him when they failed to implement it correctly or something... hence him dropping the project. not sure what the latest versions add, 6.1 is fully functional.

i only use it for a private uploader, don't know how it handles having users register/abuse there.