Jump to content

DirectoryIterator and Hacked Website

Savvy95

By Savvy95
in PHP Coding Help

 Share

Recommended Posts

Savvy95 Newbie

Savvy95

Posted
Posted

Hi Everyone.

 

My problem:

Some one has been sneaking in to my website hidden Iframes. I've changed passwords & reset permissions to read, but then the permissions get changed to include write and they inject the IFRAMES. I go through this process daily and am tired of it.

 

The challenge:

To write a script that scans the files for permission changes and email me the results. 

 

The solution:

This is what I have so far:

 

[pre]$it = new RecursiveDirectoryIterator("/home/content/e/n/v/<website name>/html/");

foreach(new RecursiveIteratorIterator($it) as $file) {

echo $file . "\n"; echo date ("F d Y H:i:s.", filemtime($file)); echo substr(sprintf('%o', fileperms($file)), -4);

  echo "<br/>";

}

[/pre]

 

I know the ultimate challenge is to secure the website, but until I can figure out how I need a mechanism to

help me cope.

 

Thanks

Link to comment
https://forums.phpfreaks.com/topic/176237-directoryiterator-and-hacked-website/
Share on other sites
RussellReal Member

RussellReal

Posted
Posted

is what you got so far echoing what you want? lol

 

if so:

 

<?php
$it = new RecursiveDirectoryIterator("/home/content/e/n/v/<website name>/html/");
ob_start();
foreach(new RecursiveIteratorIterator($it) as $file) {
echo "~\n";
echo $file . "\n"; echo date ("F d Y H:i:s.", filemtime($file)); echo substr(sprintf('%o', fileperms($file)), -4); 
echo "~\n";
}
mail('YourEmail@whatever.com','FileList',ob_get_clean());
?>

sKunKbad Advanced Member

sKunKbad

Posted
Posted

Hi Everyone.

 

My problem:

Some one has been sneaking in to my website hidden Iframes. I've changed passwords & reset permissions to read, but then the permissions get changed to include write and they inject the IFRAMES. I go through this process daily and am tired of it.

 

 

Do you store your passwords in your FTP client? If so, you may have a virus on your computer that is sending the passwords to a bot net.

 

Do you use secure FTP or some kind of encrypted FTP? If not, there may be an infected computer on your network that is sniffing your network traffic and sending the passwords to the bot net.

 

I just went through this, and as soon as I used secure FTP the problem stopped. The infected computer on my network was my mom's computer, and she is notorious for getting viruses.

Savvy95 Newbie

Savvy95

Posted
  • Author
Posted

Thanks. 

 

Skunkbad - Indeed I do run an FTP client which stores my passwords and I use AVG free to scan my computer regularly.  But you may be right.  I'll start using WinSCP which uses SSH by default.

 

RussellReal - Thanks for your addition.  I was so close (but yet so faaaaaarrrrrr).

 

I'll try your suggestions and get update the post

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.