2012-04-01, 01:09:30
They gave one last suggestion, which was this:
"A simple way to remove the ability for attackers to use remote file inclusion is to add a "php.ini" file at the top-level of the website with the following contents - be aware though that the web-site will need testing afterwards to ensure that no legitimate web-site scripted actions have been affected by the change.
------------------------------
The php.ini directives are...
allow_url_include = "0"
allow_url_fopen = "0"
------------------------------"
djr.heliohost.org/me
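
The testing caveat in the quoted advice can be partly automated. This is an added example, not part of the original post or the host's advice: it scans PHP source for calls that stop working once the two directives are off. The function list, the `scan` helper and the sample PHP are assumptions made for illustration.

```python
import re

# Constructed sample PHP source (not from the original post).
SAMPLE_PHP = '''<?php
$feed = file_get_contents("http://example.com/feed.xml");
include("http://example.com/header.php");
include($_GET['page'] . ".php");
include("includes/footer.php");
$fh = fopen("data/log.txt", "a");
'''

# Opening quote followed by a URL scheme handled by PHP's URL wrappers.
URL = r"""["'](?:https?|ftp)://"""

# Filesystem functions that accept a URL only while allow_url_fopen is on.
# Starting set chosen for this example, not an exhaustive list.
URL_FOPEN = re.compile(
    r"\b(?:fopen|file_get_contents|file|readfile|copy)\s*\(\s*" + URL, re.I)

# include/require of a literal URL: depends on allow_url_include.
URL_INCLUDE = re.compile(
    r"\b(?:include|require)(?:_once)?\b\s*\(?\s*" + URL, re.I)

# include/require built from request data. The ini change only blocks
# remote URLs here; local paths can still be included, so review these.
REQUEST_INCLUDE = re.compile(
    r"\b(?:include|require)(?:_once)?\b[^;]*\$_(?:GET|POST|REQUEST|COOKIE)\b",
    re.I)

CHECKS = [
    (URL_FOPEN, "breaks with allow_url_fopen=0"),
    (URL_INCLUDE, "breaks with allow_url_include=0"),
    (REQUEST_INCLUDE, "request-controlled include, review"),
]

def scan(source):
    """Return (line_number, note) for each PHP line that matches a check."""
    findings = []
    for number, line in enumerate(source.splitlines(), 1):
        for pattern, note in CHECKS:
            if pattern.search(line):
                findings.append((number, note))
    return findings

if __name__ == "__main__":
    for number, note in scan(SAMPLE_PHP):
        print(f"line {number}: {note}")
```

The scan is line-based and only sees literal URLs, so a URL assembled in a variable still has to be caught by testing the site after the change.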