sureshp Posted April 29, 2008 Share Posted April 29, 2008 Hi ALL, I have a bad situation now. I am running a CMS application in a website and the index file of the application is hacked by someone. Is there any way to hack a file and replace with the new file in the server? The file is having 777 permission since it will be updated updated by the admin on a timely basis. Any ideas on how it is happened? Thanks in advance! Link to comment https://forums.phpfreaks.com/topic/103402-how-the-original-file-is-replaced-in-my-server/ Share on other sites More sharing options...
trq Posted April 29, 2008 Share Posted April 29, 2008 Don't give files permissions of 777 for starters, 644 usually suffices. And yes, there are many different ways to hack a site, xss (cross site scripting) and sql injections being the most common. Link to comment https://forums.phpfreaks.com/topic/103402-how-the-original-file-is-replaced-in-my-server/#findComment-529526 Share on other sites More sharing options...
sureshp Posted April 29, 2008 Author Share Posted April 29, 2008 HI Thorpe, Thanks for your reply. Is there a way to update a file without giving 777 permission. will 644 work? Also, Can you tell me your view on how the hacker did this hack? Thanks, Suresh P Link to comment https://forums.phpfreaks.com/topic/103402-how-the-original-file-is-replaced-in-my-server/#findComment-529531 Share on other sites More sharing options...
PFMaBiSmAd Posted April 29, 2008 Share Posted April 29, 2008 These are some of the ways a file could be modified or replaced - Your hosting account control panel username and password were guessed or otherwise obtained. Your FTP account username and password were guessed or otherwise obtained. The accounts on the web server don't have permissions set to limit access to the files by other accounts. An administrator account on the server has had the username and password guessed or otherwise obtained. Your CMS administrator username and password were guessed or otherwise obtained. One or more of the scripts contains a security hole that allows replacing or changing a file, allows arbitrary php code injection, or allows an un-authenticate person to access the administrator functions. This could be an upload script, an include() statement that accepts a URL as the file to be include, a template system that uses eval() and allows php code to be saved to the template... The web server logs should show the access that wrote to or replaced the file. Without more information from you about what occurred, we can only offer guesses as to how the file was changed. Link to comment https://forums.phpfreaks.com/topic/103402-how-the-original-file-is-replaced-in-my-server/#findComment-529534 Share on other sites More sharing options...
sureshp Posted April 29, 2008 Author Share Posted April 29, 2008 Thanks for your guesses. Im guessing that someone overwritten my file from their server by just following up the file path. Is there any server related configurations to allow the hacker to write files from the external server? Thanks! Link to comment https://forums.phpfreaks.com/topic/103402-how-the-original-file-is-replaced-in-my-server/#findComment-529570 Share on other sites More sharing options...
sureshp Posted April 29, 2008 Author Share Posted April 29, 2008 the attached is the screenshot of the index page after the hacker overwritten my file. I surfed about this through google and found that many websites are hacked by this guy or team. Any Ideas? Thanks! [attachment deleted by admin] Link to comment https://forums.phpfreaks.com/topic/103402-how-the-original-file-is-replaced-in-my-server/#findComment-529571 Share on other sites More sharing options...
trq Posted April 29, 2008 Share Posted April 29, 2008 Have you looked at the logs as suggested? Link to comment https://forums.phpfreaks.com/topic/103402-how-the-original-file-is-replaced-in-my-server/#findComment-529572 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.