-----Original Message-----
From: Ken Robinson [mailto:kenrb...@rbnsn.com] 
Sent: 19 September 2013 01:52 PM
To: <a...@dotcontent.net>
Cc: <php-general@lists.php.net>
Subject: Re: [PHP] Apache's PHP handlers

Check your .htaccess file. The hackers could have modified it to allow that
type of file to be executed. I had some that modified my .htaccess file to
go to a spam site when my site got a 404 error. That was nasty. 

Ken

Sent from my iPad

On Sep 19, 2013, at 7:35 AM, "Arno Kuhl" <a...@dotcontent.net> wrote:

> For the past week I've been trying to get to the bottom of an exploit, 
> but googling hasn't been much help so far, nor has my service provider.
> Basically a file was uploaded with the filename xxx.php.pgif which 
> contained nasty php code, and then the file was run directly from a 
> browser. The upload script used to upload this file checks that the 
> upload filename doesn't have a .php extension, which in this case it 
> doesn't, so let it through. I was under the impression apache would 
> serve any file with an extension not listed in its handlers directly 
> back to the browser, but instead it sent it to the php handler. Is 
> this normal behaviour or is there a problem with my service provider's 
> apache configuration? Trying this on my localhost returns the file 
> contents directly to the browser as expected and doesn't run the php code.
> 
> 
> 
> Cheers
> 
> Arno

Hi Ken, .htaccess wasn't modified, this file was just uploaded and run. So
far all my service provider has told me is it was because the filename
contained ".php" in the filename, even though it's not the extension, and
that's the reason apache sent it to the php handler.  I'm sure that can't be
right, otherwise it would be open to all sorts of exploits.

Cheers
Arno



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
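
The upload check described in the original post, rewritten to test every dot-separated segment of the filename rather than only the last one, since Apache's mod_mime can select a handler from any extension in a multi-extension name when that handler is mapped with AddHandler. This is an added example, not code from the thread; the extension lists and function names are assumptions to adapt to the server's own configuration.

```php
<?php
// Added example: names and lists below are illustrative assumptions.

// Extensions a server may map to a script handler (assumed; match your config).
const SCRIPT_EXTENSIONS = ['php', 'php3', 'php4', 'php5', 'php7', 'phtml',
                           'phar', 'pht', 'cgi', 'pl', 'py', 'shtml'];
// The only final extensions this upload form is meant to accept (assumed).
const ALLOWED_FINAL_EXTENSIONS = ['gif', 'jpg', 'jpeg', 'png', 'pdf'];

function uploadNameIsSafe(string $clientName): bool
{
    // Strip any client-supplied path, including Windows-style separators.
    $name = basename(str_replace('\\', '/', $clientName));
    if ($name === '' || $name[0] === '.' || strpos($name, "\0") !== false) {
        return false; // empty name, dotfile such as .htaccess, or NUL byte
    }
    $segments = explode('.', strtolower($name));
    array_shift($segments);          // drop the base name; the rest are extensions
    if ($segments === []) {
        return false;                // no extension at all
    }
    foreach ($segments as $segment) {
        // Reject if ANY segment is a script extension, not just the last one.
        if (in_array($segment, SCRIPT_EXTENSIONS, true)) {
            return false;
        }
    }
    return in_array(end($segments), ALLOWED_FINAL_EXTENSIONS, true);
}

// Store under a server-generated name so the client's name never reaches disk.
// Call only after uploadNameIsSafe() has returned true.
function storedName(string $clientName): string
{
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample names, including the one from the post.
$samples = ['photo.gif', 'xxx.php.pgif', 'xxx.PHP.gif', 'report.final.pdf', 'shell.php'];
foreach ($samples as $sample) {
    $ok = uploadNameIsSafe($sample);
    printf("%-18s %s\n", $sample, $ok ? 'accept -> ' . storedName($sample) : 'reject');
}
```

Keeping the upload directory outside the web root, or disabling script handlers for it, removes the dependence on filename checks alone.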
