I have some clients who have some writeable (0777) files on their website. Somehow people are hacking in and adding invisible iframes to the last line of the writeable files.
1. How do they do this?
2. How do I combat it but also leave the files writeable? Will chmoding them 0666 do the tick?
Thanks for your input!
Writeable php files getting hacked
Moderator: General Moderators
This topic placed I would like to point my similar question too.
Why exactly is it bad to have apache(the user apache runs with) writable directory under webroot?
Is this a problem of only shared hosting - someone could create/copy script in your webroot and execute?
File upload attacks possible? or what?
Or there are more tricks into that.
Why exactly is it bad to have apache(the user apache runs with) writable directory under webroot?
Is this a problem of only shared hosting - someone could create/copy script in your webroot and execute?
File upload attacks possible? or what?
Or there are more tricks into that.
- feyd
- Neighborhood Spidermoddy
- Posts: 31559
- Joined: Mon Mar 29, 2004 3:24 pm
- Location: Bothell, Washington, USA
Those are the simple holes created on shared hosts if they did not configure their servers well. Upload attacks are possible if you didn't set up the directory or code correctly. The former is mostly up to your host, the latter is entirely your problem.jmut wrote:This topic placed I would like to point my similar question too.
Why exactly is it bad to have apache(the user apache runs with) writable directory under webroot?
Is this a problem of only shared hosting - someone could create/copy script in your webroot and execute?
File upload attacks possible? or what?
Or there are more tricks into that.