Jump to content

File write attack

Sarah_au

By Sarah_au
in PHP Coding Help

 Share

Recommended Posts

Sarah_au Newbie

Sarah_au

Posted
Posted

Hi there,

someone is hacking my site and appending a jquery to all html and php files in the public_html directory.

 

They are also appending to files in any new addon domain directories but not those that were already there when they started so it seems to me as if they don't actually have access to the directory structure or they just can't be bothered.

 

My webhost can't or won't help so is there any way I can find how the hacker is getting in to do the append?

 

I don't even know what the jquery does as it is encrypted.  All I know is that when he has done it my firewall stops stuff from my computer trying to access the net.  I have seen the words google and ebay but have no idea what is happening.

Link to comment
https://forums.phpfreaks.com/topic/143931-file-write-attack/
Share on other sites
s0c0 Regular Member

s0c0

Posted
Posted

They are performing some sort of XSS attach on you most likely.  I would first change your FTP password, verify that write and execute permissions on the directory are disabled for the public group (leave them enabled for owner).

 

Next do you have some sort of uploader on your site?  If thats how they are posting the files, then disallow any .js file from being uploaded.  Also do some searching for free classes that protect your site from XSS attacks and validate all your input through that filter.  More details would be nice.

Link to comment
https://forums.phpfreaks.com/topic/143931-file-write-attack/#findComment-755266
Share on other sites
Sarah_au Newbie

Sarah_au

Posted
  • Author
Posted

They are performing some sort of XSS attach on you most likely.  I would first change your FTP password, verify that write and execute permissions on the directory are disabled for the public group (leave them enabled for owner).

 

I have no idea what an XSS attack is  The directory permission is 755 and has to be for php scripts to work else it throughs out an error 500.

 

Next do you have some sort of uploader on your site?  If thats how they are posting the files, then disallow any .js file from being uploaded.  Also do some searching for free classes that protect your site from XSS attacks and validate all your input through that filter.  More details would be nice.

 

I might have an image uploader somewhere but they are not uploading files as I said in my post they are appending to existing files.

I am worried that if I simply block them writing to the files they will delete everything if I can't find out how they are getting in.

Link to comment
https://forums.phpfreaks.com/topic/143931-file-write-attack/#findComment-755362
Share on other sites
premiso Regular Member

premiso

Posted
Posted

On your site, is there anywhere that you write to a file or include a file from GET data?

 

Changing the FTP password is just a security measure. They can modify a file, etc.

 

Let me know on my questions of the writing to a file/include. If that is being done, please post relevant code.

Link to comment
https://forums.phpfreaks.com/topic/143931-file-write-attack/#findComment-756220
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.