Security help Trojan.PHP-43
Posted 05 February 2013 - 07:18 AM
Posted 05 February 2013 - 11:14 AM
Some php code was either uploaded, remotely included, or injected into eval'ed content and then executed on the server or an admin password for an application/control panel/ftp was guessed and directly allowed php code to be put onto the server. The original loader script then read and put the Trojan script onto the server. You would need to find the exact method that was used to get the original loader code onto the server and close the hole that allowed it. The web server access log file and any application/control panel/ftp/sql query log files would be the best places to start looking.
Given the name of the Trojan, it's likely that the method of getting it onto the server involved a remotely included file in conjunction with php's register_globals being ON and an older php application that wasn't secure.
Edited by PFMaBiSmAd, 05 February 2013 - 11:18 AM.
- KevinM1 likes this
Debugging step #1: To get past the garbage-out equals garbage-in stage in your code, you must check that the inputs to your code are what you expect.
Programming is just problem solving, but it is done in another language. You must learn enough of the programming language you are using to be able to read and write code.
Posted 05 February 2013 - 12:56 PM
Files that were influenced were mostly wp-conf.php and 2 mail php scripts. Does anyone have knowledge or experience with this Trojan or any tips that could help me resolve this? Also any pointers on aspects of the site that will need to be improved in order to prevent this I.E what weaknesses of a site is normally exploited for this kind of Trojan to breach it? Thank you in advance
Don't use WordPress. It's notoriously bad with security, especially if it's not up-to-date and if you're relying on plugins to do most of the heavy lifting.
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users