Jump to content

Recommended Posts

Hi Everyone.

 

My problem:

Some one has been sneaking in to my website hidden Iframes. I've changed passwords & reset permissions to read, but then the permissions get changed to include write and they inject the IFRAMES. I go through this process daily and am tired of it.

 

The challenge:

To write a script that scans the files for permission changes and email me the results. 

 

The solution:

This is what I have so far:

 

[pre]$it = new RecursiveDirectoryIterator("/home/content/e/n/v/<website name>/html/");

foreach(new RecursiveIteratorIterator($it) as $file) {

echo $file . "\n"; echo date ("F d Y H:i:s.", filemtime($file)); echo substr(sprintf('%o', fileperms($file)), -4);

  echo "<br/>";

}

[/pre]

 

I know the ultimate challenge is to secure the website, but until I can figure out how I need a mechanism to

help me cope.

 

Thanks

Link to comment
https://forums.phpfreaks.com/topic/176237-directoryiterator-and-hacked-website/
Share on other sites

is what you got so far echoing what you want? lol

 

if so:

 

<?php
$it = new RecursiveDirectoryIterator("/home/content/e/n/v/<website name>/html/");
ob_start();
foreach(new RecursiveIteratorIterator($it) as $file) {
echo "~\n";
echo $file . "\n"; echo date ("F d Y H:i:s.", filemtime($file)); echo substr(sprintf('%o', fileperms($file)), -4); 
echo "~\n";
}
mail('YourEmail@whatever.com','FileList',ob_get_clean());
?>

Hi Everyone.

 

My problem:

Some one has been sneaking in to my website hidden Iframes. I've changed passwords & reset permissions to read, but then the permissions get changed to include write and they inject the IFRAMES. I go through this process daily and am tired of it.

 

 

Do you store your passwords in your FTP client? If so, you may have a virus on your computer that is sending the passwords to a bot net.

 

Do you use secure FTP or some kind of encrypted FTP? If not, there may be an infected computer on your network that is sniffing your network traffic and sending the passwords to the bot net.

 

I just went through this, and as soon as I used secure FTP the problem stopped. The infected computer on my network was my mom's computer, and she is notorious for getting viruses.

Thanks. 

 

Skunkbad - Indeed I do run an FTP client which stores my passwords and I use AVG free to scan my computer regularly.  But you may be right.  I'll start using WinSCP which uses SSH by default.

 

RussellReal - Thanks for your addition.  I was so close (but yet so faaaaaarrrrrr).

 

I'll try your suggestions and get update the post

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.