Sitecore Tip #2: Disable Sitecore UploadWatcher
The UploadWatcher monitors the \Website\upload folder and uploads any file placed in it into the Media Library. While this can be very handy in Content Management environments (for instance, having pictures automatically copied into the \Website\upload folder by a script), it can be a security risk in publicly accessible Content Delivery environments, so it must be disabled if it is not used.
To disable the UploadWatcher, remove the <add type="Sitecore.Resources.Media.UploadWatcher, Sitecore.Kernel" name="SitecoreUploadWatcher" /> element from configuration/system.webServer/modules in IIS7+ (httpModules in IIS6).
When the UploadWatcher is used, make sure to configure the Upload Filter to control which file types are allowed to be uploaded.
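To confirm that the module is really gone from a deployed web.config, the check below reports every active UploadWatcher registration in either module list. It is an added example, not Sitecore code: the function name and the two sample configs are constructed for illustration, and it assumes httpModules sits under system.web and that the module lists are not wrapped in a <location> element.

```python
import xml.etree.ElementTree as ET

WATCHER_CLASS = "Sitecore.Resources.Media.UploadWatcher"
# Parent section -> module list element (IIS7+ and IIS6 respectively)
MODULE_LISTS = {"system.webServer": "modules", "system.web": "httpModules"}

def find_upload_watcher(web_config_xml):
    """Return [(section_path, module_name)] for each active UploadWatcher entry."""
    root = ET.fromstring(web_config_xml)  # the parser discards XML comments
    hits = []
    for section in root:
        list_tag = MODULE_LISTS.get(section.tag)
        if list_tag is None:
            continue
        for modules in section.findall(list_tag):
            for add in modules.findall("add"):
                # type is "Namespace.Class, Assembly"; compare the class part
                cls = add.get("type", "").split(",")[0].strip()
                if cls == WATCHER_CLASS:
                    hits.append((f"{section.tag}/{list_tag}", add.get("name")))
    return hits

# Constructed sample configs (not taken from a real Sitecore installation).
ENTRY = ('<add type="Sitecore.Resources.Media.UploadWatcher, Sitecore.Kernel" '
         'name="SitecoreUploadWatcher" />')
EXPOSED = f"""<configuration>
  <system.web><httpModules>{ENTRY}</httpModules></system.web>
  <system.webServer><modules>{ENTRY}</modules></system.webServer>
</configuration>"""
HARDENED = f"""<configuration>
  <system.web><httpModules /></system.web>
  <system.webServer><modules>
    <!-- {ENTRY} -->
    <add type="Example.OtherModule, Example" name="OtherModule" />
  </modules></system.webServer>
</configuration>"""

if __name__ == "__main__":
    for label, xml in (("exposed", EXPOSED), ("hardened", HARDENED)):
        hits = find_upload_watcher(xml)
        print(label, "-> UploadWatcher registered in:", hits or "nowhere")
```

A commented-out entry counts as removed, so a Content Delivery config passes only when the function returns an empty list.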