How to prevent every malicious file upload on my server? (check file type)?

半阙折子戏 2021-01-05 14:46

My problem is to avoid that users upload some malicious file on my web server. I'm working in a Linux environment (Debian).

Actually the uploads are handled via php by t

6 answers
  •  独厮守ぢ
    2021-01-05 15:14

    Yeah, I used to say 'executed' as an example. Truly, I had a problem two years ago: a fair white-hat uploaded a PHP file to my server, ran it, and that file self-created some kind of CMS to control my server with the PHP user's permissions... then simply sent me an email which said, more or less: 'Your application is not safe. For demonstration, I have done this and that...'

    Indeed, after that I checked every permission on every file I have on my server, but I still don't like the idea of having some malicious file on it...

    I'll give the file Unix function a try; I've already seen that I can retrieve the output with code like this:

    
    

    With some tuning I hope it will be safe enough.

    @Paolo Bergantino: my application is a web-based service; people upload images, PDF documents, CSV files, etc., but download is not the only action that they can then perform. Images, for example, must be displayed on the user's public page. The way I think I'll take is this:

    1. Upload the file;
    2. Check the file type with the file passthru;
    3. Delete it if it is not clear;
    4. Else, move it to the user's directory (named with random strings)

    Thanks to everyone.
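
The four steps listed in the answer above, as an added example that is not part of the original post. It uses PHP's fileinfo extension (the same libmagic database as the `file` command) instead of shelling out through `passthru`; the `acceptUpload` function, the `ALLOWED` list and the paths are assumptions made for illustration.

```php
<?php
// Added example, not the poster's code. ALLOWED and all paths are assumptions.
const ALLOWED = [                       // detected MIME type => extension we assign
    'image/png'       => 'png',
    'image/jpeg'      => 'jpg',
    'application/pdf' => 'pdf',
];

/**
 * Steps 2-4: detect the type from the file's bytes, delete on mismatch,
 * otherwise store under a random name. Returns the new path or null.
 */
function acceptUpload(string $tmpPath, string $userDir): ?string
{
    // The client-supplied file name and Content-Type are never consulted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);

    if ($mime === false || !isset(ALLOWED[$mime])) {
        unlink($tmpPath);               // step 3: not on the allow-list
        return null;
    }
    // Step 4: random name, extension chosen by the server, so an upload
    // named "shell.php" can never be stored with a script extension.
    $dest = $userDir . '/' . bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    // In a real upload handler use move_uploaded_file($tmpPath, $dest) here.
    if (!rename($tmpPath, $dest)) {
        unlink($tmpPath);
        return null;
    }
    chmod($dest, 0640);                 // readable, never executable
    return $dest;
}

// --- demo with constructed sample files ---
$userDir = sys_get_temp_dir() . '/uploads_' . bin2hex(random_bytes(4));
mkdir($userDir, 0750);

$samples = [
    'report.pdf' => "%PDF-1.4\n%constructed sample\n",
    'avatar.png' => "<?php echo 'not an image'; ?>\n",   // PHP posing as PNG
];
foreach ($samples as $clientName => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($tmp, $bytes);
    $stored = acceptUpload($tmp, $userDir);
    echo $clientName, ' => ', $stored ?? 'rejected and deleted', PHP_EOL;
}
```

Type detection is a heuristic over the file's contents, so the server-chosen extension and a storage directory where the web server does not execute scripts are what keep a crafted file inert.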
