You need to remove their ability to execute scripts.
Heres a couple different ways I do it
Code:
AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi
Options -ExecCGI
This is cool, you are basically categorizing all those scripts extensions so that they fall under the jurisdiction of the -ExecCGI command, which also means -FollowSymLinks
Combine that with
Code:
<Files .htaccess>
order allow,deny
deny from all
</Files>
Then you might try
Code:
Options -ExecCGI -Indexes -All
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS|HEAD)
RewriteRule .* - [F]
RewriteEngine Off
If you'd rather have .pl, .py, or .cgi files displayed in the browser rather than executed as scripts, simply create a .htaccess file in the relevant directory with the following content:
Code:
RemoveHandler cgi-script .pl .py .cgi
Register
Login
