Hello,
I use K2 frontend edit for the registered members to post their ads. Anyone can register as long as they go through registration process.
I allow the users to write the content and download an image to create their ads. and wonder how easy or difficult for hackers to download the malware into this system. Do you have any recommendation how I can to put some layers of security???
Thank you.

Hi,

K2 allows users to upload an image, a gallery, a video and attachments. K2 will only allow certain file types. However, a registered user can find other ways to upload files to your site. Using an editor like JCE for example which performs file uploads.

So, the answer is simple. You need to find all the possible upload points and apply the proper configuration for each one.

Finally, note that uploading a malicious file is different than executing it. For example a user can create a zip file which contains a malicious file and then add it as an attachment in K2. However, the file cannot get executed while it's inside the archive.

I use JCE editor but I have configured it to show only basic text edit buttons.
As for K2, I configured to make only one image can be uploaded, no gallery or files at frontend editting.

But I am aware that some image files including PDF can wipe out the entire site. A networking plugin that I use along with K2 ensures its safety, saying that "images have their pixel data completely rewritten using resampling".
I wonder K2 uses the same or similar process.

Thanks.

Images uploaded through K2's image tab are using the same method.

thanks!

You 're welcome Victoria :)