protect server

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
ibm1234
Forum Newbie
Posts: 2
Joined: Wed Jun 11, 2008 3:19 pm

protect server

Post by ibm1234 »

how to prevent access to my server? because my file [index.php] was changed..
and how to modify php.ini?? bcos i want to turn on safe_mode
hansford
Forum Commoner
Posts: 91
Joined: Mon May 26, 2008 12:38 am

Re: protect server

Post by hansford »

you host and their little gremlins have access as well as anyone who knows your login info. As far as turning safe mode on. Most hosts have safe mode on by default. I cannot modify this in my php.ini - they wont allow this. the php.ini will be in your root or in some dir that the host setup.
User avatar
superdezign
DevNet Master
Posts: 4135
Joined: Sat Jan 20, 2007 11:06 pm

Re: protect server

Post by superdezign »

ibm1234 wrote:how to prevent access to my server? because my file [index.php] was changed..
Talk to your service providers. It's their responsibility jus as much as your to keep hackers at bay.
ibm1234 wrote:and how to modify php.ini?? bcos i want to turn on safe_mode
Safe mode can't save you now. :P
Hopefully these questions are unrelated. Otherwise, you have a false conception of what safe_mode does.
ibm1234
Forum Newbie
Posts: 2
Joined: Wed Jun 11, 2008 3:19 pm

Re: protect server

Post by ibm1234 »

what should i do if somene has been changed my file??
its useless if i rewrite the file as same as bfore.. theyll do the same thing again..
T_T :banghead: :banghead:
any solution??
User avatar
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: protect server

Post by Mordred »

You must find out how it happened. The most common way to do that is to install a troyan on your machine, sniff your FTP password, and then modify whatever they want. It will help if you show us what modifications were made, and if anything shows in the access logs. Try restoring your index.php and then browse the site a bit, access it some times with FTP and see when it will be modified again.
hansford
Forum Commoner
Posts: 91
Joined: Mon May 26, 2008 12:38 am

Re: protect server

Post by hansford »

call your HOST they can change your userid & password or they have a manage HOST page which allows you to do this.. Do not give this info out unless you implicitely trust them. Do Not run scripts that has this info. Do a virus scan on your OS. There are hackers out there that are better than us at getting this information. If it happens again-after making these changes-call your HOST. They have a server go down and you make changes before they do their backup, then your old page will be whats left. - rare. very.
User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Re: protect server

Post by Benjamin »

First thing I would check are any file upload forms or third party script vulnerabilities.
taramichael
Forum Newbie
Posts: 4
Joined: Mon Jun 02, 2008 6:53 am

Re: protect server

Post by taramichael »

Is PHP codes are protecting the Servers?






cheap web hosting
User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Re: protect server

Post by Benjamin »

Hey it's the spammer again.
hansford
Forum Commoner
Posts: 91
Joined: Mon May 26, 2008 12:38 am

Re: protect server

Post by hansford »

LMAO! as if we don't get enough of that in our lives.
Post Reply