1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

How to disallow creating .php files and modiffying them?

Discussion in 'PHP' started by postcd, Aug 26, 2014.

  1. #1
    Hello, how i can disallow creating and modiffying .php files on an webserver for certain website directory or certain website which belongs to a certain user account? (not on whole server)

    someone injecting files to my website structure fromtime to time, i dont want to fix any bugs in script nor upgrade, i want this fix as im nto modiffying or adding new php files so this looks to be easiest way to prevent..

    thank you
     
    postcd, Aug 26, 2014 IP
  2. PoPSiCLe

    PoPSiCLe Illustrious Member

    Messages:
    4,623
    Likes Received:
    725
    Best Answers:
    152
    Trophy Points:
    470
    #2
    Uhm... you don't wanna "fix any bugs nor upgrade"? WTF?
     
    PoPSiCLe, Aug 26, 2014 IP
    HuggyStudios likes this.
  3. jestep

    jestep Prominent Member

    Messages:
    3,659
    Likes Received:
    215
    Best Answers:
    19
    Trophy Points:
    330
    #3
    If you have a non-secure script that is able to create or modify php files, there's a lot more to worry about. The problem is that scripts shouldn't be able to create or modify php or operating system files at all. This should require FTP access or some administrative privileges to accomplish. You could check your file or directory permissions but even with 777 directories, a person shouldn't be able to arbitrarily or anonymously write to the server. Disabling all forms might be another good place to look. I can only assume that someone is able to inject raw php code into a script and it is somehow being executed. If this is the case it's usually only a matter of time before they control the whole server or user account at the very least.
     
    jestep, Aug 26, 2014 IP
  4. HuggyStudios

    HuggyStudios Well-Known Member

    Messages:
    724
    Likes Received:
    20
    Best Answers:
    26
    Trophy Points:
    165
    #4
    You need to stop licking windows and leave web development to people with an IQ over 50.

    Cheers
     
    HuggyStudios, Aug 26, 2014 IP
    PoPSiCLe likes this.
  5. Jameyson MacDonald

    Jameyson MacDonald Well-Known Member

    Messages:
    452
    Likes Received:
    83
    Best Answers:
    3
    Trophy Points:
    115
    #5
    Now that's a productive response...

    The best thing you can do is get rid of the script. If it's creating malicious files and modifying others, it's a malicious script. It was developed to do exactly what you described and trying to fix it is a waste of your time and everyone else's.
     
    Jameyson MacDonald, Aug 26, 2014 IP
  6. abhicyco

    abhicyco Active Member

    Messages:
    36
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    75
    #6
    With folder and file permissions you can acheive your target.

    Refer to the article below to learn more about permissions

    http://www.linux.com/learn/tutorials/309527-understanding-linux-file-permissions
     
    abhicyco, Aug 26, 2014 IP
  7. postcd

    postcd Well-Known Member

    Messages:
    1,037
    Likes Received:
    9
    Best Answers:
    1
    Trophy Points:
    190
    #7
    thx, please what permission would You suggest? (i have a Wordpress blog)

    current permission is folder 755, files 644

    you would set folder to 440 (read,read,nothing)?
     
    postcd, Aug 27, 2014 IP
  8. postcd

    postcd Well-Known Member

    Messages:
    1,037
    Likes Received:
    9
    Best Answers:
    1
    Trophy Points:
    190
    #8
    issue is that i dont know which script it is. on that hosting account are hosted 3 different scripts with many plugins. and mailicious .phps are always spread out acros numerous folders of these scripts/sites...
     
    postcd, Sep 5, 2014 IP
  9. Jameyson MacDonald

    Jameyson MacDonald Well-Known Member

    Messages:
    452
    Likes Received:
    83
    Best Answers:
    3
    Trophy Points:
    115
    #9
    If there are three separate scripts and you don't know which is causing the problem, maybe you could create 3 separate sub domains, put one of the scripts on each and see which one replicates your problem. Then you should know which script to do away with.
     
    Jameyson MacDonald, Sep 5, 2014 IP