Page 1 of 1

Help Needed!

Posted: Fri Nov 09, 2007 4:04 am
by Mr Bingo
I was hoping somebody could help me.
My php site has been persistently hacked over the last 12 months.
I run an Apache server with both Coldfusion and PHP running as Mods.
Our main site was written in PHP and has been repeatedly hacked by people who have been able to upload their own PHP and image files.
The last lot even left a message to say that they were hacking me to force me to beef up my security.
The coldfusion sites have been left untouched so I think it must be a vulnerability in PHP that is allowing this.
Unfortunately the bad news is that for company reasons I am forced to run my server on Windows 2000.

Does anybody recognise this problem?

I am running Apache 2.059 and PHP 5.1.6 (The only versions that will work with the jrun mod for coldfusion )

Any advice definately apreciated
[url=http://forums.devnetwork.net/viewtopic.php?t=30037]Forum Rules[/url] Section 1.1 wrote:2. Use descriptive subjects when you start a new thread. Vague titles such as "Help!", "Why?" are misleading and keep you from receiving an answer to your question.

Posted: Fri Nov 09, 2007 4:56 am
by Mordred
Sounds like a web app problem. What PHP applications do you have installed, and which of them allow uploading of files? Do you run custom code, or only open source apps? Do you run the latest versions of the OS apps, and have you checked the security mailing lists if there are known vulnerabilities in them?

Posted: Fri Nov 09, 2007 8:08 am
by Zoxive
Sounds like you need to start validating user input. Especially uploaded files.

Posted: Sat Nov 17, 2007 11:44 am
by RobertGonzalez
Please update your description to be a little more descriptive. Thanks.

Re: Help Needed!

Posted: Sat Nov 17, 2007 11:55 am
by superdezign
Mr Bingo wrote:Our main site was written in PHP and has been repeatedly hacked by people who have been able to upload their own PHP and image files.
The last lot even left a message to say that they were hacking me to force me to beef up my security.
Quite obviously, the problem is in the code. Show us some of your uploading code, and we can help you fix the vulnerabilities.