Writeable php files getting hacked
Posted: Mon Jan 29, 2007 10:11 pm
by Mr Tech
I have some clients who have some writeable (0777) files on their website. Somehow people are hacking in and adding invisible iframes to the last line of the writeable files.
1. How do they do this?
2. How do I combat it but also leave the files writeable? Will chmodding them 0666 do the trick?
Thanks for your input!
Posted: Mon Jan 29, 2007 10:25 pm
by feyd
Is it a shared server? That's how.
Having it set to 6 or 7 for the owner (creator) is all that's needed if you have PHP generate the file, however the PHP file may be helping them write arbitrary information to it. I would recommend having the data stored in a database though.
Posted: Mon Jan 29, 2007 10:31 pm
by Mr Tech
So if I set the files to 744, it would stop this from happening?
Posted: Mon Jan 29, 2007 10:40 pm
by feyd
If PHP created it, you shouldn't need any bits set on any of the other permissions apart from owner.
Posted: Tue Jan 30, 2007 12:21 am
by jmut
Since this topic has been raised, I would like to add my similar question too.
Why exactly is it bad to have an Apache-writable directory (writable by the user Apache runs as) under the webroot?
Is this a problem only on shared hosting - someone could create/copy a script into your webroot and execute it?
Are file upload attacks possible? Or what?
Or are there more tricks to it?
Posted: Tue Jan 30, 2007 1:06 am
by feyd
jmut wrote: Since this topic has been raised, I would like to add my similar question too.
Why exactly is it bad to have an Apache-writable directory (writable by the user Apache runs as) under the webroot?
Is this a problem only on shared hosting - someone could create/copy a script into your webroot and execute it?
Are file upload attacks possible? Or what?
Or are there more tricks to it?
Those are the simple holes created on shared hosts if they did not configure their servers well. Upload attacks are possible if you didn't set up the directory or code correctly. The former is mostly up to your host, the latter is entirely your problem.
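An added example, not part of the original thread: a small Python audit that flags files under a webroot whose mode leaves them writable by group or other accounts (0777 and 0666 do, 0744 does not) and files whose last line carries a hidden iframe, the symptom described in the first post. The function names, the regex heuristic and the sample files are constructed for illustration.

```python
import os
import re
import stat
import tempfile

# Heuristic for "invisible" iframes: zero width/height or CSS that hides them.
HIDDEN_IFRAME = re.compile(
    r"<iframe\b[^>]*(?:\b(?:width|height)\s*=\s*[\"']?0\b"
    r"|display\s*:\s*none|visibility\s*:\s*hidden)", re.IGNORECASE)

def writable_by_others(mode):
    """True if group or other write bits are set (0777, 0666; not 0744)."""
    return bool(mode & (stat.S_IWGRP | stat.S_IWOTH))

def last_line_has_hidden_iframe(path, tail_bytes=4096):
    """Inspect only the final non-empty line, where the iframe was appended."""
    with open(path, "rb") as fh:
        fh.seek(max(0, os.path.getsize(path) - tail_bytes))
        lines = fh.read().decode("utf-8", "replace").strip().splitlines()
    return bool(lines) and bool(HIDDEN_IFRAME.search(lines[-1]))

def audit(webroot):
    """Return {relative_path: [findings]} for files under webroot."""
    report = {}
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            path = os.path.join(dirpath, name)
            findings = []
            if writable_by_others(stat.S_IMODE(os.stat(path).st_mode)):
                findings.append("writable-by-others")
            if last_line_has_hidden_iframe(path):
                findings.append("hidden-iframe-on-last-line")
            if findings:
                report[os.path.relpath(path, webroot)] = findings
    return report

def demo():  # builds a constructed webroot (sample files, not real data)
    root = tempfile.mkdtemp()
    iframe = '<iframe src="http://example.invalid/" width="0" height="0"></iframe>'
    samples = {"guestbook.php": (0o777, "<?php echo 'hi'; ?>\n" + iframe + "\n"),
               "counter.txt": (0o666, "42\n"),
               "index.php": (0o744, "<?php echo 'home'; ?>\n")}
    for name, (mode, body) in samples.items():
        with open(os.path.join(root, name), "w") as fh:
            fh.write(body)
        os.chmod(fh.name, mode)
    return audit(root)

if __name__ == "__main__":
    print(demo())
```

Run `audit()` against the real webroot path from an account that can read every file; a file listed with both findings is one to restore from a known-good copy.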
