How do you prevent this?

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Post by s.dot »

If it's a shared hosting environment, it is entirely possible that your server was compromised (via someone else's poor coding), and there might not be anything you can do about it.
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
Billy2007
Forum Newbie
Posts: 8
Joined: Fri Aug 31, 2007 4:00 pm

Post by Billy2007 »

VladSun wrote:
Billy2007 wrote:
Z3RO21 wrote:Sounds to me like a bot exploiting poorly written code that is not properly validating data.
Agreed. I have updated both php apps - but I still want to understand where the door was, so I can shut it down.
Most probably it is not the case. Usually, only your FTP user has write access to your files, unless they are chmoded to 0777 permissions. That's why a poor coding problem wouldn't result in file modifications. You said that your modified files had 0644 permissions, so it should have been done by your FTP user or by another user with write access (e.g. root ;) ).
So, there are two ways it could be done:
1) somebody has access by your FTP user/password (e.g. by using a trojan on your PC);
2) your hosting server has been totally hacked;

I would vote for the second one :)
Yep, number 2 is more likely. As for number 1 - very unlikely. First my PC is in stealth mode (behind a hardware firewall) and outbound traffic is monitored by a software firewall. Second, I do not frequent Porn or Warez sites, I don't open emails from strangers (this PC does not have email), and Third, I scan my PC regularly for spyware, my anti-virus is updated daily, and I scan for rootkits once or twice a year.

But most importantly, why would a hacker go to all the trouble of hacking my computer (which contains links to my bank and where my password and userid could be lifted) all to do a stupid hack that inserted code on one of the pages in my site - how the hell would he even know that it is my site??????
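The permission reasoning quoted above (0644 versus 0777, and which account can write) can be checked on a web root directly. This is an added example, not part of the original thread: the function names, the sample tree and the "other account" uid/gid are assumptions constructed for illustration, and only classic owner/group/other mode bits are considered (no ACLs).

```python
import os
import stat
import tempfile

def can_write(st, uid, gids):
    """Decide from owner/group/mode bits alone whether uid may write (ACLs ignored)."""
    if uid == 0:
        return True                      # root is not limited by mode bits
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def audit(root, uid, gids):
    """Return (relative path, mode) for everything under root that uid could modify."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue                 # symlink modes are not meaningful
            if can_write(st, uid, gids):
                hits.append((os.path.relpath(path, root), oct(stat.S_IMODE(st.st_mode))))
    return sorted(hits)

def build_demo_tree():
    """Constructed sample web root: two 0644 scripts, one 0666 file, one 0777 directory."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "uploads"))
    layout = {"index.php": 0o644, "cache.php": 0o666, "uploads/shot.php": 0o644}
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("<?php // constructed sample\n")
        os.chmod(path, mode)
    os.chmod(os.path.join(root, "uploads"), 0o777)
    return root

if __name__ == "__main__":
    root = build_demo_tree()
    owner = os.lstat(root)
    # Hypothetical second account on the same host: different uid and gid from the owner.
    other_uid, other_gids = owner.st_uid + 1000, {owner.st_gid + 1000}
    for rel, mode in audit(root, other_uid, other_gids):
        print(f"writable by other account: {rel} ({mode})")
```

A flagged directory matters as much as a flagged file: write permission on a directory allows files inside it to be deleted and recreated, so a 0644 file under a 0777 directory can still be replaced by another account.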