Posted: Mon Sep 03, 2007 9:21 pm
If it's a shared hosting environment, it is entirely possible that your server was compromised (via someone elses poor coding), and might not be anything you can do about it.
A community of PHP developers offering assistance, advice, discussion, and friendship.
http://forums.devnetwork.net/
Yep, number 2 is more likely. As for number 1 - very unlikely. First my PC is in stealth mode (behind a hardware firewall) and outbound traffic is monitored by a software firewall. Second, I do not frequent Porn or Warez sites, I don't open emails from strangers (this PC does not have email), and Third, I scan my PC regularly for spyware, my anti-virus is updated daily, and I scan for rootkits once or twice a year.VladSun wrote:Most probably it is not the case. Usually, only your FTP user has write access to your files, unless they are chmoded to 0777 permissions. That's why a poor coding problem wouldn't result file modifications. You said that your modified files had 0644 permissions, so it should have been done by your FTP user or by other user with write access (e.g. rootBilly2007 wrote:Agreed. I have updated both php apps - but I still want to understand where the door was, so I can shut it down.Z3RO21 wrote:Sounds to me like a bot exploiting poorly written code that is not properly validating data.).
So, there are two ways it could be done:
1) somebody has access by your FTP user/password (e.g. by using a trojan on you PC);
2) your hosting server has been totally hacked;
I would vote for the second one