In this discussion, the two sections on Double Extensions are worth reading and implementing. Viart gave us some code for .htaccess that essentially removes the handlers for PHP so that Apache won't just blindly execute anything with a '.php' extension tagged onto the end or middle of a file name. That's helped a lot, and is in perfect synch with the info in these articles, but there's more reading there on how it all works and why you need to check that you're not adding another handler in your .htaccess file that could undo the work Viart gave us.
Ed
buxton161
4 Feb 2013 8:54 PM
umm, I am getting hit every two days, If I am reading correctly, add this to file?
