Hello, how can I disallow creating and modifying .php files on a webserver for a certain website directory, or a certain website which belongs to a certain user account (not on the whole server)? Someone is injecting files into my website structure from time to time. I don't want to fix any bugs in the script nor upgrade; I want this fix because I'm not modifying or adding new PHP files, so this looks to be the easiest way to prevent it. Thank you.
If you have a non-secure script that is able to create or modify php files, there's a lot more to worry about. The problem is that scripts shouldn't be able to create or modify php or operating system files at all. This should require FTP access or some administrative privileges to accomplish. You could check your file or directory permissions but even with 777 directories, a person shouldn't be able to arbitrarily or anonymously write to the server. Disabling all forms might be another good place to look. I can only assume that someone is able to inject raw php code into a script and it is somehow being executed. If this is the case it's usually only a matter of time before they control the whole server or user account at the very least.
Now that's a productive response... The best thing you can do is get rid of the script. If it's creating malicious files and modifying others, it's a malicious script. It was developed to do exactly what you described and trying to fix it is a waste of your time and everyone else's.
With folder and file permissions you can achieve your target. Refer to the article below to learn more about permissions: http://www.linux.com/learn/tutorials/309527-understanding-linux-file-permissions
Thanks. Please, what permissions would you suggest? (I have a WordPress blog.) Current permissions are folders 755, files 644. Would you set the folder to 440 (read, read, nothing)?
The issue is that I don't know which script it is. On that hosting account there are 3 different scripts hosted, with many plugins, and malicious .php files are always spread out across numerous folders of these scripts/sites...
If there are three separate scripts and you don't know which is causing the problem, maybe you could create 3 separate sub domains, put one of the scripts on each and see which one replicates your problem. Then you should know which script to do away with.
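Added example, not written by any poster in this thread: since the site owner says no PHP files are legitimately added or changed, any new or modified .php file is a detection signal, and where it lands helps narrow down which of the three scripts is being abused. The script below records a hash baseline for one site directory, reports differences against it, and lists directories and .php files with looser permissions than the 755/644 mentioned above. The function names are hypothetical, and GNU find, sort, xargs, sha256sum and awk are assumed.

```shell
#!/usr/bin/env bash
# Added example (constructed): integrity baseline for .php files under one site directory.
# Assumes GNU find, sort, xargs, sha256sum and awk; function names are hypothetical.

# Record "sha256  ./relative/path" for every .php file under DIR into MANIFEST.
# Keep MANIFEST outside the web root, owned by a user the site cannot write as.
php_baseline() {
    local dir=$1 manifest=$2
    ( cd "$dir" && find . -type f -name '*.php' -print0 | sort -z |
        xargs -0 -r sha256sum ) > "$manifest"
}

# Print one line per difference against MANIFEST: NEW, MODIFIED or MISSING.
php_changes() {
    local dir=$1 manifest=$2 current
    current=$(mktemp)
    php_baseline "$dir" "$current"
    # Field layout is fixed: 64 hex chars, two separator chars, then the path,
    # so paths with spaces survive (newlines or backslashes in paths are not handled).
    awk '
        { hash = substr($0, 1, 64); path = substr($0, 67) }
        FILENAME == ARGV[1] { old[path] = hash; next }
        { seen[path] = 1
          if (!(path in old)) print "NEW " path
          else if (old[path] != hash) print "MODIFIED " path }
        END { for (p in old) if (!(p in seen)) print "MISSING " p }
    ' "$manifest" "$current" | sort
    rm -f "$current"
}

# List directories and .php files writable by group or other (looser than 755/644).
php_loose_perms() {
    find "$1" \( -type d -o -type f -name '*.php' \) -perm /022 -print | sort
}

# Command-line use: script.sh baseline DIR MANIFEST | check DIR MANIFEST | perms DIR
case "${1:-}" in
    baseline) php_baseline "$2" "$3" ;;
    check)    php_changes "$2" "$3" ;;
    perms)    php_loose_perms "$2" ;;
esac
```

Run `check` from cron as a different user than the one the site runs as, so code running inside the site cannot rewrite the manifest.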