Help: Unkown Error caused a deletion of over 700 files!?!

[tzveeka]

Hello,

 

Exteremly needing for help on a site's probable vulnerbillity, I hope some of the experts here can give me a lead since i'm starting to think only sherlock holmes can help me on this one.

 

I'm hosing a local media site (WMV,FLV,Media files) on a huge shared and reliable host.

Since last month I had a directory with about 4000 files and about 25% of them are wmv files.

 

This month i've been getting reports from my users that many of the wmv files give back a 404 not found error, ive created a php check file which reported to me that about 730 WMV files went missing (Deleted), However all the file's information are still listed in the mysql database which gives details on all the site's files.

 

Here are the facts:

1. I have 9 files which use the "unlink" command to delete files, whenever they do so they also delete the SQL information following this file, which is not the case here.

2. These 9 files are heavily protected, and for over 2 years have never created an uninintended file deletion created by hackers or people who want to do damage.

3. Some of the deleted files have been uploaded 3 days and some have been uploaded over a year ago which means this problem continues and is not an induividual instence.

4. the directory which holds all these files is chmoded 777 because of the user php uploading script.

5. from 28 file types listed on the directory Only WMV and 1 PPT file were deleted.

6. I have contacted my host for backup restore but it seems like this problem might reoccur, since i had a 3 file deleting about 3 days ago.

7. Using linux as an host.

8. the accual files are chmodded 644

 

-----------------------------

Any leads and suggestions on these matters might greatly save this community helpfull site:

- What might be causing these files to disappear?

- Is there any way of restoring these files?

- Can one delete files from a chmoded 777 directory without using my 9 protected php scripts, can you please add an example?

 

This error has caused a heavy damages of a couple of monthes work on this site, any help will be greatly appreciated!

 

thanks.

 

 

[redarrow]

Dont no but are you sure it not a script you created deleting the files with the command unlink.......

[tzveeka]

Sure,

 

This site model has been implemented on 4 other sites with over 1000 files, with over 1 year of runtime this hasn't occured on any other site.

 

I just tried the "unlink" on another site to see if one can delete my files from another domain (by mulesting the 777 chmod on the directory) and failed doing so,

this seems like a bit more complicated task then just using unlink("http://www.myaddress.com/folder/file.wmv")

 

PHP says that the file is not found.

 

I tried to look for information on remote file deleting and didnt really find metrials on this matter,  which really intrests me if someone has an example here of how one can delete a file on a 777 chmodded directory in a remote server, via php? or via anything else.

 

Another thought my girlfriend had is that the hosting service might have deleted these files, if so, it might have it on an apachee or system log somewhere - i will also send a ticket to my hosting service on this matter.

 

[DyslexicDog]

I don't want to be rude but this sounds like a very poor design.

 

Your users files shouldn't stay in a directory that is 777    it's just asking for trouble. If anything you should have the upload page call another script that moves the files into a folder that isn't web accessible then have another script that can deliver files from this folder.

[tzveeka]

these are basically public and not classified files, you have made a good suggestion which i will look into in the system's upcomming upgrade - but can one still remove a file from this directory via a remote command?