Re: Site Hacked



Andrea wrote on Mon, 4 Jun 2007 22:01:45 +0200:

Absolutely not!
What I say is that I don't see anything that could be related to my issue!

Injection or overflow vulnerabilities could be used to cause code to run on
your server that you did not intend, so that covers a few of those fixes.
The 3rd fix on the list covers a way to override the register_globals
setting - this can be bad in that global variables can be overwritten using
querystring or post values.

However, while these are possibilities, I'd be more suspicious of the actual
PHP code you have on the server. I myself was subject to a file replacement
attack on my Debian/Apache2/PHP5 server recently due to a flaw in phpBB2
combined with allowing remote file opening (where URLs could be opened as if
they were local files, which I was using to pull data from some other
servers) which allowed the attacker to load a remote file as local PHP code
which then let them overwrite the config.php file for PHP-Nuke on my server.
This is an application flaw, and no amount of security patches will stop
something like this - the fix was to correct the phpBB2 code so that it
didn't allow the path variable it was using to be overwritten from POST
data, and I dumped the blocks that grabbed remote data (they were only a
test anyway) and so was able to turn off the option in PHP to pull remote
files.

Dan
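The flaw class Dan describes, as an added example that is not part of the original thread and is not phpBB2's or PHP-Nuke's actual code: a hypothetical include path that request data can overwrite (via register_globals) on a server where PHP may open URLs as files, next to a hardened version that fixes the base directory, allowlists the module name, and refuses anything that looks like a URL or a traversal. The module names, directory and ini checks are assumptions for illustration.

```php
<?php
// Added example (not from the original thread, not phpBB2/PHP-Nuke code).
// Shows the remote-file-include pattern Dan describes and a hardened form.
declare(strict_types=1);

// --- Vulnerable shape (hypothetical) ----------------------------------
// With register_globals=On, a POST field named "root_path" becomes
// $root_path before this runs, so the default below is silently skipped.
// With allow_url_fopen (PHP 4/5.1) or allow_url_include (PHP >= 5.2) On,
// include() fetches the URL and executes the response body as PHP.
function vulnerable_include(): void
{
    global $root_path;                 // may already be attacker-supplied
    if (!isset($root_path)) {
        $root_path = './';
    }
    include $root_path . 'functions.php';
}

// --- Hardened shape ---------------------------------------------------
// Rule 1: the include base is derived from __DIR__, never from a global
//         or a request field.
// Rule 2: a user-chosen module name is rejected if it carries a scheme,
//         a path separator, a NUL byte or "..", then checked against an
//         allowlist.
// Rule 3: only the resolved local path is ever passed to require_once.
const ALLOWED_MODULES = ['viewtopic', 'profile', 'search'];  // assumed names

function resolve_module_path(string $base, string $module): string
{
    // Refuse URLs, traversal and NUL before anything else, so the log
    // entry for a blocked request says why.
    if (preg_match('#^[a-z][a-z0-9+.-]*://#i', $module)
        || strpos($module, '..') !== false
        || strpos($module, "\0") !== false
        || strpbrk($module, '/\\') !== false) {
        throw new RuntimeException("refusing non-local include: $module");
    }
    if (!preg_match('/^[a-z0-9_]+$/', $module)
        || !in_array($module, ALLOWED_MODULES, true)) {
        throw new InvalidArgumentException("module not allowed: $module");
    }
    return $base . DIRECTORY_SEPARATOR . $module . '.php';
}

function safe_include(string $module): void
{
    $base = __DIR__ . DIRECTORY_SEPARATOR . 'includes';   // assumed layout
    require_once resolve_module_path($base, $module);
}

// --- Runtime configuration check --------------------------------------
// Dan's final step was to turn off remote file opening once nothing
// legitimate needed it. This returns the directives still enabled so a
// deploy script can refuse to start. register_globals no longer exists
// from PHP 5.4 on; ini_get() then returns false and it is simply skipped.
function dangerous_ini_settings(): array
{
    $bad = [];
    foreach (['allow_url_fopen', 'allow_url_include', 'register_globals'] as $k) {
        if (filter_var(ini_get($k), FILTER_VALIDATE_BOOLEAN)) {
            $bad[] = $k;
        }
    }
    return $bad;
}

// Demonstration on constructed input; no file is actually included.
$base = '/var/www/forum/includes';
assert(resolve_module_path($base, 'viewtopic')
    === $base . DIRECTORY_SEPARATOR . 'viewtopic.php');
foreach (['http://attacker.example/shell.txt', '../config', 'viewtopic.php'] as $m) {
    try {
        resolve_module_path($base, $m);
        echo "UNEXPECTED: accepted $m\n";
    } catch (Exception $e) {
        echo "rejected: " . $e->getMessage() . "\n";
    }
}
echo "still enabled: " . implode(', ', dangerous_ini_settings()) . "\n";
```

The ini check complements, rather than replaces, the code fix: as Dan notes, an application that lets a path variable be overwritten is broken whether or not remote opening is on, and allow_url_include=Off only removes the remote half of the attack.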

