[PHP] server/PHP security
I woke up on thanksgiving morning to find my server hacked through a hole left by a file upload area of my site. I restored the backup and placed a few blocks in place on the server, so they can get in, but they can't get out ;) What I am interested in finding out is what the best way is to make sure that I can rework the upload area to allow upload and download from it while keeping script kiddies from exploiting it again. I can post the scripts (if you are interested in pulling them apart or such) as I have accumulated 3 different versions now, but I am wondering what you guys use currently as standard PHP security and still do file parsing and such. Thanks, Wolf -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] server/PHP security
http://www.hardened-php.net/advisory_202005.79.html check this out On 4/6/06, Wolf [EMAIL PROTECTED] wrote: I woke up on thanksgiving morning to find my server hacked through a hole left by a file upload area of my site. I restored the backup and placed a few blocks in place on the server, so they can get in, but they can't get out ;) What I am interested in finding out is what the best way is to make sure that I can rework the upload area to allow upload and download from it while keeping script kiddies from exploiting it again. I can post the scripts (if you are interested in pulling them apart or such) as I have accumulated 3 different versions now, but I am wondering what you guys use currently as standard PHP security and still do file parsing and such. Thanks, Wolf -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] server/PHP security
WHat types of files were they, if you dont mind me asking? On 4/6/06, Wolf [EMAIL PROTECTED] wrote: I woke up on thanksgiving morning to find my server hacked through a hole left by a file upload area of my site. I restored the backup and placed a few blocks in place on the server, so they can get in, but they can't get out ;) What I am interested in finding out is what the best way is to make sure that I can rework the upload area to allow upload and download from it while keeping script kiddies from exploiting it again. I can post the scripts (if you are interested in pulling them apart or such) as I have accumulated 3 different versions now, but I am wondering what you guys use currently as standard PHP security and still do file parsing and such. Thanks, Wolf -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] server/PHP security
Wolf wrote: What I am interested in finding out is what the best way is to make sure that I can rework the upload area to allow upload and download from it while keeping script kiddies from exploiting it again. I can post the scripts If your scripts are very long, most of us won't take the time to read through all the code. However, we do need a few more details to understand what you're doing, otherwise we can't even make educated guesses about how you were attacked. Can you show or describe to us exactly what you do with a file once it is uploaded? Can you give us a basic overview of the problem you're trying to solve? Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] server/PHP security
They all ended in .rar Files named: b.php.rar jpg.php.rar c99.php.rar Dan McCullough wrote: WHat types of files were they, if you dont mind me asking? On 4/6/06, Wolf [EMAIL PROTECTED] wrote: I woke up on thanksgiving morning to find my server hacked through a hole left by a file upload area of my site. I restored the backup and placed a few blocks in place on the server, so they can get in, but they can't get out ;) What I am interested in finding out is what the best way is to make sure that I can rework the upload area to allow upload and download from it while keeping script kiddies from exploiting it again. I can post the scripts (if you are interested in pulling them apart or such) as I have accumulated 3 different versions now, but I am wondering what you guys use currently as standard PHP security and still do file parsing and such. Thanks, Wolf -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] server/PHP security
Is there a certain file type that you are looking for? You could restrict it to that, also you could chown the uploaded files to a no/low privelage user. On 4/6/06, Wolf [EMAIL PROTECTED] wrote: They all ended in .rar Files named: b.php.rar jpg.php.rar c99.php.rar Dan McCullough wrote: WHat types of files were they, if you dont mind me asking? On 4/6/06, Wolf [EMAIL PROTECTED] wrote: I woke up on thanksgiving morning to find my server hacked through a hole left by a file upload area of my site. I restored the backup and placed a few blocks in place on the server, so they can get in, but they can't get out ;) What I am interested in finding out is what the best way is to make sure that I can rework the upload area to allow upload and download from it while keeping script kiddies from exploiting it again. I can post the scripts (if you are interested in pulling them apart or such) as I have accumulated 3 different versions now, but I am wondering what you guys use currently as standard PHP security and still do file parsing and such. Thanks, Wolf -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php