justAnoob Posted April 10, 2009 Share Posted April 10, 2009 My site is almost finished. Could a hacker somehow get access to my php files on my server to alter them or upload a script to alter my site??? Just want to be safe. Link to comment https://forums.phpfreaks.com/topic/153511-security-issues/ Share on other sites More sharing options...
ToonMariner Posted April 10, 2009 Share Posted April 10, 2009 yes Link to comment https://forums.phpfreaks.com/topic/153511-security-issues/#findComment-806578 Share on other sites More sharing options...
mrMarcus Posted April 10, 2009 Share Posted April 10, 2009 definitely. i had someone or something access my files on the server and inject hundreds of hidden links into the pages .. over 50% of my pages .. messed up a whole bunch of things. since, i have taken several precautions .. first and foremost (and what i'm sure was the initial problem), was that i now only upload using ssh2 over FTP. haven't had a single problem since. when they inject those links into your pages, it can eventually have you kicked off major search engines. Link to comment https://forums.phpfreaks.com/topic/153511-security-issues/#findComment-806598 Share on other sites More sharing options...
justAnoob Posted April 10, 2009 Author Share Posted April 10, 2009 users will be upload images to my site. as long as i limit the upload script to only accept image files and no to php, html, etc,,,,, shouldn't I be ok???? Link to comment https://forums.phpfreaks.com/topic/153511-security-issues/#findComment-806617 Share on other sites More sharing options...
Yesideez Posted April 10, 2009 Share Posted April 10, 2009 Bottom line is if someone has enough know-how and determination they'll get in no matter what you do. All you can do is implement the best measures you can to make it so difficult that people will give in. Link to comment https://forums.phpfreaks.com/topic/153511-security-issues/#findComment-806619 Share on other sites More sharing options...
ToonMariner Posted April 10, 2009 Share Posted April 10, 2009 there are many issues - is your database secure, are your queries open to injection, do you use user submitted data to include files... there isn't enough time in the day to discuss every potential security flaw and how to best protect your site - you will have to keep good backs - log what people are doing and what they are submitting to your site and monitor - if you identify a problem see how it happened and plug that hole. Link to comment https://forums.phpfreaks.com/topic/153511-security-issues/#findComment-806621 Share on other sites More sharing options...
mrMarcus Posted April 10, 2009 Share Posted April 10, 2009 users will be upload images to my site. as long as i limit the upload script to only accept image files and no to php, html, etc,,,,, shouldn't I be ok???? make sure to set proper directory and file permissions. chomd() is a start. Link to comment https://forums.phpfreaks.com/topic/153511-security-issues/#findComment-806630 Share on other sites More sharing options...
dadamssg Posted April 10, 2009 Share Posted April 10, 2009 where is the best place to start learning how to use ssh2?? i have a site thats almost finished as well, and ive protected against user input, but have no idea where to start to make sure people/computers can access my files Link to comment https://forums.phpfreaks.com/topic/153511-security-issues/#findComment-806708 Share on other sites More sharing options...
mrMarcus Posted April 10, 2009 Share Posted April 10, 2009 first off, your hosting provider has to offer ssh2 access .. there are other secure methods for uploading files to a server .. check out what your host offers and then google or come back here for more information (if necessary). SSH2 is a more secure, efficient, and portable version of SSH that includes SFTP, which is functionally similar to FTP, but is SSH2 encrypted. At Indiana University, UITS has upgraded its central systems to SSH2 (usually the OpenSSH version), and encourages those concerned with secure communications to connect using an SSH2 client Link to comment https://forums.phpfreaks.com/topic/153511-security-issues/#findComment-806712 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.