
How was the original file replaced on my server?


sureshp


Hi all,

I have a bad situation now. I am running a CMS application on a website, and the index file of the application was hacked by someone.

Is there any way to hack a file and replace it with a new file on the server?

The file has 777 permission since it will be updated by the admin on a timely basis.

Any ideas on how it happened?

Thanks in advance!


Hi Thorpe,

Thanks for your reply.

Is there a way to update a file without giving 777 permission? Will 644 work?

Also, can you tell me your view on how the hacker did this hack?

Thanks,

Suresh P


These are some of the ways a file could be modified or replaced -

Your hosting account control panel username and password were guessed or otherwise obtained.

Your FTP account username and password were guessed or otherwise obtained.

The accounts on the web server don't have permissions set to limit access to the files by other accounts.

An administrator account on the server has had the username and password guessed or otherwise obtained.

Your CMS administrator username and password were guessed or otherwise obtained.

One or more of the scripts contains a security hole that allows replacing or changing a file, allows arbitrary PHP code injection, or allows an unauthenticated person to access the administrator functions. This could be an upload script, an include() statement that accepts a URL as the file to be included, a template system that uses eval() and allows PHP code to be saved to the template...

The web server logs should show the access that wrote to or replaced the file. Without more information from you about what occurred, we can only offer guesses as to how the file was changed.

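The log check suggested in the answer above, as an added example that is not part of the original post: it lists successful POST/PUT requests, and GET requests passing a URL as a parameter value, logged shortly before the file's modification time. It assumes the Apache/nginx "combined" log format; the function name, sample log lines, IP addresses, paths and timestamps are all constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined" format: client IP, [timestamp], "request line", status
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
WRITE_METHODS = {"POST", "PUT"}  # can carry an upload or an admin form body
# A URL passed as a query value, the pattern a URL-accepting include() invites
URL_PARAM = re.compile(r'=(?:https?|ftp)(?:://|%3a%2f%2f)', re.I)

def requests_before_change(log_lines, changed_at, window_minutes=5):
    """Successful requests that could have written the file, logged in the
    window_minutes leading up to changed_at (the file's mtime, tz-aware)."""
    start = changed_at - timedelta(minutes=window_minutes)
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        suspicious = m["method"] in WRITE_METHODS or URL_PARAM.search(m["path"])
        if suspicious and m["status"][0] in "23" and start <= ts <= changed_at:
            hits.append((ts, m["ip"], m["method"], m["path"]))
    return hits

# Constructed sample data: documentation IP ranges, made-up paths and times.
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Mar/2010:09:58:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [12/Mar/2010:10:01:40 +0000] "GET /page.php?file=http://example.invalid/x.txt HTTP/1.1" 200 312 "-" "-"',
    '203.0.113.9 - - [12/Mar/2010:10:02:13 +0000] "POST /admin/upload.php HTTP/1.1" 200 87 "-" "-"',
    '198.51.100.7 - - [12/Mar/2010:10:30:00 +0000] "POST /contact.php HTTP/1.1" 200 640 "-" "Mozilla/5.0"',
]
# On a real server: datetime.fromtimestamp(os.stat(path).st_mtime, timezone.utc)
CHANGED_AT = datetime(2010, 3, 12, 10, 2, 15, tzinfo=timezone.utc)

if __name__ == "__main__":
    for ts, ip, method, path in requests_before_change(SAMPLE_LOG, CHANGED_AT):
        print(ts.isoformat(), ip, method, path)
```

A file's modification time can be reset by whoever changed it, so if nothing matches, widen the window and compare against FTP and control panel logs as well.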

Thanks for your guesses.

I'm guessing that someone has overwritten my file from their server by just following the file path.

Are there any server-related configurations that would allow the hacker to write files from the external server?

Thanks!


Attached is the screenshot of the index page after the hacker overwrote my file.

I searched for this on Google and found that many websites have been hacked by this guy or team.

Any ideas?

Thanks!

[attachment deleted by admin]
