Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.
I have no obvious way of people gaining access so I just don't get it. Could it be a virus? I'm hosted on pickaweb - a decent, reliable UK hosting company.
Getting access to the site could be from a multitude of things, e.g. forum signature, email signatures and C.V. Is this also the site you had the old version on?
When it comes to hacking let's face it, many people don't care what the status of a site is. They often just want to hack. You can be grateful if no damage was done and you have the potential to fix the problem and ensure it doesn't happen again before your site goes live and contains lots of data which may be destroyed/exploited.
The code in question appears to automatically load a page (I would guess a pay per click site where someone is getting paid for directing others to it).
This is all new - nothing from the old site on here.
It's very worrying how somebody has gained access to directly edit my PHP files and upload files to my images directory.
Even though I've fixed the problem, surely if someone's done it once it could keep happening?
What extra measures can I take to prevent this other than having an FTP password (which I am changing as we speak)??? If somebody can FTP to my site they have it all.
I'm going to have valuable client information stored on a MySQL database on here too, and if somebody can access my files they can get my MySQL UID and PW and do as they wish to it (I keep backups of course).
Well... Would CVS help track changes? If they really managed to get access via FTP in order to change your site, a CVS repository would allow you to see discrepancies and roll things back.
Ambush Commander wrote: Well... Would CVS help track changes? If they really managed to get access via FTP in order to change your site, a CVS repository would allow you to see discrepancies and roll things back.
Hey you know, that's a cool idea. I haven't used CVS before but you got me thinking on a sweet little project here to monitor my websites (based on the latest "official" version), and correct changes. Could be a bonus for clients too if they know I'll be constantly monitoring activity for them
infolock wrote: that sucks man. how did they gain access? You don't think they could have come in through my subdomain do you?
Nah it was before that dude... sorted now anyway.
I did have mwftp sitting on there dormant (but it still requires a password, just possibly has a security flaw in it). I've deleted it anyway and I'm working on a code change monitor which will run a check by cron every 5 mins and fix any altered code, as well as alerting me asap of the details of the attack. I may post a snippet if it would be useful (got a couple of other things on the go so it may be a while).
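A minimal version of the cron-driven change monitor described in the post above, as an added example that is not part of the original thread or any poster's code: it hashes every file under the web root and reports files added, removed or modified since a stored baseline. The paths are hypothetical, and the baseline is assumed to live outside the web root so that someone who can write to the site cannot rewrite it as well; this sketch only reports changes and does not restore files.

```php
<?php
// Added example: file-integrity check for a web root, meant to be run from cron.

/** Map every regular file under $root to its SHA-256 digest. */
function snapshot(string $root): array
{
    $hashes = [];
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($it as $file) {
        if ($file->isFile()) {
            $rel = substr($file->getPathname(), strlen($root) + 1);
            $hashes[$rel] = hash_file('sha256', $file->getPathname());
        }
    }
    return $hashes;
}

/** Compare a trusted baseline with the current state of the tree. */
function diff_tree(array $baseline, array $current): array
{
    $modified = [];
    foreach (array_intersect_key($current, $baseline) as $path => $hash) {
        if ($baseline[$path] !== $hash) {   // same path, different content
            $modified[] = $path;
        }
    }
    return [
        'added'    => array_keys(array_diff_key($current, $baseline)),
        'removed'  => array_keys(array_diff_key($baseline, $current)),
        'modified' => $modified,
    ];
}

$root     = rtrim($argv[1] ?? '/home/example/public_html', '/');  // hypothetical path
$baseFile = $argv[2] ?? '/home/example/private/baseline.json';    // hypothetical path
$current  = snapshot($root);
if (!is_file($baseFile)) {            // first run: record the known-good state
    file_put_contents($baseFile, json_encode($current, JSON_PRETTY_PRINT));
    exit(0);
}
$baseline = json_decode(file_get_contents($baseFile), true) ?: [];
$changes  = diff_tree($baseline, $current);
if (array_filter($changes)) {         // any non-empty list means the tree changed
    echo json_encode($changes, JSON_PRETTY_PRINT), PHP_EOL;
    exit(1);
}
```

When this runs from cron, any output is mailed to the crontab's MAILTO address, so a clean tree stays silent. A baseline kept on the same account can still be altered by whoever has that account's FTP password, so a copy held off the host is the one to trust.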
Another possibility is the host set up. If you're on a shared host it's often the case that anyone else on the same shared server can read any file on the other sites - including passwords in an .htpasswd file.
McGruff wrote: Another possibility is the host set up. If you're on a shared host it's often the case that anyone else on the same shared server can read any file on the other sites - including passwords in an .htpasswd file.
is there any way to prevent this??
if many people know about this, then wouldn't web hosting companies lose their shared hosting deals?
I was just to say what McGruff said earlier.
And no. It is solely up to the host admins themselves to secure the server farm/box. The users can make it more difficult of course (various security approaches already described above) but it all ends on the host's table.
If the host is not secure, nothing is.
I'd report the incident to the host and see if they know something about it. If the attack was directed at 100 randomly selected users, there might be several others that still do not know what has happened.
The admin might cover it up not to lose face and then you'll never know. The pro is that you actually might guide them into something they didn't know and possibly get a discount on the fees...
It helps to have a plan for such incidents. Could be as simple as ...
Making sure your own PC is secure - No Trojans stealing passwords. Updating your AV software. Check your host file. Check your Windows registry. Etc. Etc. Once you're sure your PC is secure, change all account passwords. Notify your host. Do not delete anything; the host will need to see it all. Put up an out of service page if necessary or till you can discover the extent of the damage. Now you can begin investigating the incident and repairing the damage in an orderly manner with your host.
Shared hosting is always risky .. but start by checking your own security first.
Having a plan keeps us from making things worse than they are already.