British Expats

Very Very experienced PHP programmer , HELP needed (https://britishexpats.com/forum/barbie-92/very-very-experienced-php-programmer-help-needed-511819/)

Timber Floor Au Feb 4th 2008 6:05 pm

Re: Very Very experienced PHP programmer , HELP needed
 

Originally Posted by Wendy (Post 5886370)
Secure File Transfer Protocol http://en.wikipedia.org/wiki/SSH_fil...ol#SFTP_client

I had to convert as mine was hacked too :mad:

Infuriating isn't it !!! Okies, with ya now, SSH. I think he uses Putty to do it, I never get that involved.. but will be learning fast !!!


Originally Posted by themerlin (Post 5886383)
You on a linux box? What permissions are on the file?

If done correctly apache runs as web or nobody and this user should not be able to edit your files.

changing to https probably won't make a difference.

You can PM me if you like, worked on apache support a while ago, if it's a windows box then you deserve to get hacked lol

Yer it's Linux. Running Apache.
I can't see how this person has access, it's baffling us. Unless there's a backdoor route in.

Son is the coding whizzkid.. so will ask him when he gets in, and see what the go is. I'm pretty sure, somehow and somewhere there is some security compromise, within our own code... it's like finding a needle in a haystack.

Will report back, cheers mate

themerlin Feb 4th 2008 6:09 pm

Re: Very Very experienced PHP programmer , HELP needed
 
If you make sure only root can write to the files it should be sorted.




Originally Posted by Timber Floor Au (Post 5886414)

Yer it's Linux. Running Apache.
I can't see how this person has access, it's baffling us. Unless there's a backdoor route in.

Son is the coding whizzkid.. so will ask him when he gets in, and see what the go is. I'm pretty sure, somehow and somewhere there is some security compromise, within our own code... it's like finding a needle in a haystack.

Will report back, cheers mate


snowbunny Feb 4th 2008 6:10 pm

Re: Very Very experienced PHP programmer , HELP needed
 
Putty *is* an ssh implementation. IIRC sftp is a separate application from Putty or Unix-based ssh applications.

You might get better answers if you post this in The Lab, where all the geeks hang out. Including me. :o

Timber Floor Au Feb 4th 2008 6:12 pm

Re: Very Very experienced PHP programmer , HELP needed
 

Originally Posted by snowbunny (Post 5886435)
Putty *is* an ssh implementation.

You might get better answers if you post this in The Lab, where all the geeks hang out. Including me.

Will do !!! Just prefer familiarity :)


Originally Posted by themerlin (Post 5886430)
If you make sure only root can write to the files it should be sorted.

Do ya mean file permissions, as in 644 777 etc?

themerlin Feb 4th 2008 6:22 pm

Re: Very Very experienced PHP programmer , HELP needed
 
Yep but not 777!
public should only have read access to the files.


Originally Posted by Timber Floor Au (Post 5886439)
Will do !!! Just prefer familiarity :)
Do ya mean file permissions, as in 644 777 etc?


Timber Floor Au Feb 4th 2008 6:24 pm

Re: Very Very experienced PHP programmer , HELP needed
 

Originally Posted by snowbunny (Post 5886435)
Putty *is* an ssh implementation. IIRC sftp is a separate application from Putty or Unix-based ssh applications.

You might get better answers if you post this in The Lab, where all the geeks hang out. Including me. :o


Originally Posted by themerlin (Post 5886478)
Yep but not 777!
public should only have read access to the files.

Yer we have all files and permissions set appropriately.

The header.php file is actually set to 644 !

Then each day, it's back to 777 ! ( yet after doing initial permission changes, we check and 644 it is )

Go figure...someone's being very very norty !

themerlin Feb 4th 2008 6:28 pm

Re: Very Very experienced PHP programmer , HELP needed
 
Who owns the file? And who does apache run as?

Originally Posted by Timber Floor Au (Post 5886488)
Yer we have all files and permissions set appropriately.

The header.php file is actually set to 644 !

Then each day, it's back to 777 ! ( yet after doing initial permission changes, we check and 644 it is )

Go figure...someone's being very very norty !


Timber Floor Au Feb 4th 2008 6:29 pm

Re: Very Very experienced PHP programmer , HELP needed
 

Originally Posted by themerlin (Post 5886499)
Who owns the file?

we do

themerlin Feb 4th 2008 6:31 pm

Re: Very Very experienced PHP programmer , HELP needed
 
What user? The user that apache runs as shouldn't be able to change the file.

Originally Posted by Timber Floor Au (Post 5886502)
we do


Timber Floor Au Feb 4th 2008 6:33 pm

Re: Very Very experienced PHP programmer , HELP needed
 

Originally Posted by themerlin (Post 5886515)
What user? The user that apache runs as shouldn't be able to change the file.

Now I'm somewhat lost. lol

If we go in via ftp, using root user and root pass, we can modify any file.

Have we got access permissions wrong? :confused:

themerlin Feb 4th 2008 6:38 pm

Re: Very Very experienced PHP programmer , HELP needed
 
not sure :)

Basically when you start apache it forks child processes that actually process the requests from the outside world. There is a setting in your httpd.conf file that sets the user to fork the processes as, it's normally nobody.
Nobody should not be able to do anything other than read files. That way if there is a hole in apache the hacker could only be in as nobody and not be able to do much damage.

I don't think they have your root password or they would do more than change the header :)


Originally Posted by Timber Floor Au (Post 5886520)
Now I'm somewhat lost. lol
If we go in via ftp, using root user and root pass, we can modify any file.
Have we got access permissions wrong? :confused:
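
Added example, not part of any post in this thread: a shell audit for the two questions themerlin asks (who owns the file, and who can write to it). A file's owner can always chmod it, so a header.php owned by the Apache account, or sitting in a world-writable directory, can be put back to 777 however often it is reset to 644. The docroot argument and the `nobody` default are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Needs GNU find (for -printf).
# Assumed: the docroot path you pass in, and "nobody" as the Apache account.

# List everything under docroot $1 that web-server account $2 could alter:
#   WORLD-WRITABLE     mode has the "other" write bit (777, 666, ...)
#   OWNED-BY-WEB-USER  the owner can chmod its own file back to 777 at will
# Output: "<reason> <octal mode> <owner> <path>", one finding per line.
audit_docroot() {
    local docroot="$1" web_user="${2:-nobody}"
    {
        find "$docroot" \( -type f -o -type d \) -perm -0002 \
            -printf 'WORLD-WRITABLE %m %u %p\n'
        find "$docroot" \( -type f -o -type d \) -user "$web_user" \
            -printf 'OWNED-BY-WEB-USER %m %u %p\n'
    } | sort -u
}

# Constructed demo tree: header.php left at 777, index.php at 644.
demo=$(mktemp -d)
printf '<?php ?>\n' > "$demo/header.php"; chmod 777 "$demo/header.php"
printf '<?php ?>\n' > "$demo/index.php";  chmod 644 "$demo/index.php"
chmod 755 "$demo"
audit_docroot "$demo" "$(id -u)"   # current user stands in for the web account
```

An empty result for the real docroot and the real Apache account means the web server cannot change modes or contents there through ordinary file permissions.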


Timber Floor Au Feb 4th 2008 6:41 pm

Re: Very Very experienced PHP programmer , HELP needed
 

Originally Posted by themerlin (Post 5886544)
not sure :)

Basically when you start apache it forks child processes that actually process the requests from the outside world. There is a setting in your httpd.conf file that sets the user to fork the processes as, it's normally nobody.
Nobody should not be able to do anything other than read files. That way if there is a hole in apache the hacker could only be in as nobody and not be able to do much damage.

I don't think they have your root password or they would do more than change the header :)

Okies... starting to make sense..

Will check httpd files !!

datamile Feb 4th 2008 7:00 pm

Re: Very Very experienced PHP programmer , HELP needed
 
Restart apache, and make sure that all httpd processes have the new/later start time and that they are running as nobody.

do netstat -a and see what comms is there in case there is a perm comms backdoor into the box

Timber Floor Au Feb 4th 2008 7:37 pm

Re: Very Very experienced PHP programmer , HELP needed
 

Originally Posted by datamile (Post 5886628)
Restart apache, and make sure that all httpd processes have the new/later start time and that they are running as nobody.

do netstat -a and see what comms is there in case there is a perm comms backdoor into the box

Gonna do just that, speaking with Tech at Host Co. at mo.. gonna tell them what you and Merlin have suggested.

Respect ! ^5 to both of yas ( well everyone ;) thanks )

ridds Feb 5th 2008 10:11 am

Re: Very Very experienced PHP programmer , HELP needed
 
Any joy with your problem? Had some advice from a mate which is below...

Do you have root access to the server? If so you could install
mod_security for apache, as that should be able to detect any intrusions
and block/alert you about them.

If you keep changing the password then it is unlikely he is getting in
that way, he's probably exploiting some weakness in a script to do a
code or sql injection.

- Check that all your sql queries that use user data are being escaped
with mysql_escape_string().

- Check if you are using any exec() functions in the PHP code, and if so
that there is no possibility for a user to insert a string into these
functions.

You could pay someone like security metrics
https://www.securitymetrics.com/ about $100 to do a regular automated
security sweep of your server. They will look for vulnerabilities and
alert you of them.


HTH
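
Added example, not part of ridds' post: a line-based shortlist for the two checks in the list above, flagging exec()-style and mysql_query() calls that receive request data with no escaping call. The function name, the list of calls it looks for and the sample PHP are constructed for illustration; mysql_escape_string() and the rest of the mysql_* API were removed in PHP 7, where prepared statements (mysqli or PDO) do this job.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Line-based shortlist for manual review;
# it follows plain "$var = ..." assignments only and is not a PHP parser.
# audit_php FILE  ->  "file:line: source" for each call fed unescaped input
audit_php() {
    awk '
    function uses(s, v,   p, c) {        # is variable v named in s (whole name)?
        while ((p = index(s, v)) > 0) {
            c = substr(s, p + length(v), 1)
            if (c !~ /[A-Za-z0-9_]/) return 1
            s = substr(s, p + length(v))
        }
        return 0
    }
    function raw(s,   v) {               # request data with no escaping call?
        if (s ~ /(mysql_(real_)?escape_string|escapeshellarg|intval)[ \t]*\(/)
            return 0
        if (s ~ /\$_(GET|POST|REQUEST|COOKIE)/) return 1
        for (v in tainted) if (uses(s, v)) return 1
        return 0
    }
    # "$var = ...": remember whether $var now carries unescaped request data
    /^[ \t]*\$[A-Za-z_][A-Za-z0-9_]*[ \t]*=[^=]/ {
        name = $0; sub(/^[ \t]*/, "", name); sub(/[ \t]*=.*$/, "", name)
        if (raw(substr($0, index($0, "=") + 1))) tainted[name] = 1
        else delete tainted[name]
    }
    # command-execution or SQL call on a line that carries such data
    /(^|[^A-Za-z0-9_])(exec|shell_exec|system|passthru|popen|mysql_query)[ \t]*\(/ {
        if (raw($0)) print FILENAME ":" FNR ": " $0
    }' "$1"
}

# Constructed sample (not code from the thread); lines 4 and 7 should be flagged.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<?php
$id = $_GET['id'];
$safe = mysql_real_escape_string($_GET['name']);
$r1 = mysql_query("SELECT * FROM t WHERE id = $id");
$r2 = mysql_query("SELECT * FROM t WHERE name = '$safe'");
$cmd = "convert " . $_POST['file'];
exec($cmd);
$ident = 5;
system("ls " . $ident);
EOF
audit_php "$sample"
```

Run it over every `.php` file in the site and read each flagged line by hand; a clean result only means nothing matched this simple pattern.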


All times are GMT -12.