diff --git a/contents/writing/about/php-stop-malicious-image-uploads/index.md b/contents/writing/about/php-stop-malicious-image-uploads/index.md
new file mode 100644
index 0000000..1a71056
--- /dev/null
+++ b/contents/writing/about/php-stop-malicious-image-uploads/index.md
@@ -0,0 +1,77 @@
+---
+title: PHP - Stop Malicious Image Uploads
+author: Brett Langdon
+date: 2012-02-01
+template: article.jade
+---
+
+Quick and easy trick for detecting and stopping malicious image uploads to PHP.
+
+---
+
+Recently I have been practicing for the upcoming NECCDC competition and have
+come across a few issues that will need to be overcome, including how to stop
+malicious image uploads.
+
+I was reading
+<a href="http://www.acunetix.com/websitesecurity/upload-forms-threat.htm" target="_blank">this</a>
+article on
+<a href="http://www.acunetix.com/" target="_blank">Acunetix.com</a>
+about the threats of having upload forms in PHP.
+
+The general idea behind this exploit for Apache and PHP is when a user can
+upload an image whose content contains PHP code and the extension includes
+‘php’ for example an image ‘new-house.php.jpg’ that contains:
+
+```
+... (image contents)
+<?php phpinfo(); ?>
+... (image contents)
+```
+
+When uploaded and then viewed Apache, if improperly setup, will process the
+image as PHP, because of the ‘.php’ in the extension and then when accessed
+will execute malicious code on your server.
+
+## My Solution
+
+I was trying to find a good way to remove this issue quickly without opening
+more security holes. I have seen some solutions that use the function
+<a href="http://us2.php.net/manual/en/function.getimagesize.php" target="_blank">getimagesize</a>
+to try and determine if the file is an image, but if the malicious code is
+injected into the middle of an actual image this function will still return
+the actual image size and the file will validate as an image. The solution I
+came up with is to explicitly convert each uploaded image to a jpeg using
+<a href="http://us2.php.net/manual/en/function.imagecreatefromjpeg.php" target="_blank">imagecreatefromjpeg</a>
+and
+<a href="http://us2.php.net/manual/en/function.imagejpeg.php" target="_blank">imagejpeg</a>
+functions.
+
+```php
+<?php
+$image = imagecreatefromjpeg( './new-house.php.jpeg' );
+imagejpeg( $image, './new-house.php.jpeg' );
+```
+
+If the original image contains malicious code an error will be thrown and
+`$image` will not contain an image. This is a way to try and sanitize the
+image. This code can also be embellished where if the image is invalid then
+an image is still created and uploaded.
+
+```php
+<?php
+//@ to quite the possible error from this.
+$image = @imagecreatefromjpeg( './new-house.php.jpg' );
+
+if( !$image ):
+    $image = imagecreate(100,20);
+    $greenish = imagecolorallocate( $image, 180,200,180 );
+    imagefill( $image, 0, 0, $greenish );
+    $black = imagecolorallocate( $image, 0,0,0 );
+    imagestring( $image, 1, 5, 5, 'No.. No..', $black );
+endif;
+
+imagejpeg( $image, './new-house.php.jpg' );
+```
+
+Enjoy.