On Jun 7, 2010, at 8:54 AM, Igor Escobar <titiolin...@gmail.com> wrote:

Hi Folks!

The portal for which I work is suffering constant attacks that I feel that is PHP Injection. Somehow the hacker is getting to change the cache files that our system generates. Concatenating the HTML file with another that
have an iframe to a malicious JAR file. Do you have any suggestions to
prevent this action? The hacker has no access to our file system, he is imputing the code through some security hole. The problem is that the portal
is very big and has lots and lots partners hosted on our estructure
structure. We are failing to identify the focus of this attacks.

Any ideas?

Igor Escobar
Systems Analyst & Interface Designer

+ http://blog.igorescobar.com
+ http://www.igorescobar.com
+ @igorescobar (twitter)

Can you implement a simple form dump process that would catch the form name an the data being entered and save that? That would allow you to at least see what script has the hole as you trap it.


Sent from my iPod

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to