Hi, over the last month I've been hacked 8 times. It's a constant problem; 2 weeks ago they wiped out my server, deleting everything. Seems most of the issues come from the adult video site and 2 MySpace-related sites. Both the MySpace sites have image uploading and the video site has video uploading. The hackers keep uploading PHP files. Can someone please tell me how I can stop this? I need to make the PHP script only let pics/videos upload, not PHP or text files.
For example you can create a function for file extension checking! So if the file extension isn't .avi, .mpg, .jpg… return: This file is not valid and can't be uploaded.
Follow these steps:
* Rename the files to something like '7jkjsdf8', and store it in the database along with its original name.
* When users call the files, they will call a script, which will force download the file with its name. Even if the users manage to find out where the files are stored, they won't be able to call it.
Peace,
They don't need to be able to call it to have it execute. Check out the PHP function ignore_user_abort(); a script like this would run itself:

```php
<?php
ignore_user_abort();   // keep running even after the client disconnects
set_time_limit(0);     // no execution time limit, i.e. run forever
$interval = 60 * 15;   // do every 15 minutes...
do {
    // add the script that has to be run every 15 minutes here
    // ...
    sleep($interval);  // wait 15 minutes
} while (true);
?>
```
Well, it's escalated past this issue now. Basically this is what happened. I found where the hackers came from; I found the bulletin board where they got together and planned the attack on my server. It is a hacking forum. There are 4 sites that all link to the hacker forum. I contacted their hosting company, I contacted GoDaddy (all their names are registered through them), I contacted IR3.gov which is for cyber crimes, and I contacted my local FBI office. I sent the direct link to the thread to all of them. This was on Friday.

This morning I wake up and find none of my sites are online; I have about a dozen. The server is online but I can't SSH in. I log into my server via WHM, and there is a whole bunch of messed up stuff. Looks like they got in and screwed the entire server up. They changed all of the cPanel email addresses to hacker@xxxx (I won't put the rest in).

So... I go to look at their hacker forum to see if they updated the post, and to my surprise, ALL OF THE SITES ARE GONE. Don't know if it was the FBI, IR3, their hosting, no idea. All I know is all their sites are kaput! So my guess is their sites got shut down and maybe one of the places I contacted sent them an email with the link stating that it's illegal or something like that. So they retaliated on me. I have a complete server backup so I don't really care, but now I'm guessing they're going to continue hacking me. I have security on the server and they keep getting in.
While that may have taken care of it for the minute, new people could come along or they could just come back later on. The problem is that you're letting them upload any file type. That's a big no-no. You should force a $_FILES["file"]["type"] check and only allow the file types you want. As long as your Apache is not set up wrong (standard install for file types that can run as PHP: php, php3, maybe html, but nothing else) then you will not have any problems, as the users could upload a PHP file with a .wmv or whatever extension and the server would never run it as PHP, as it has to be file.php before Apache will run it in the parser.
What I can also advise is to upload the file to a folder outside the webroot; then it's impossible for them to access it. So, summing up, a secure PHP upload application should contain at minimum the following steps:
1. a file MIME type check
2. an extension check
3. change the name to some random string
4. upload the file outside the webroot
5. rinse and relax
Now I think it is possible that they can still attach some PHP code with an editor such as GIMP to an image file, but now it's getting very hard and they will look for another victim.
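A handler that carries out those steps, added here as an example and not code from the thread or from the script the original poster bought. It assumes the form field is named "file" and that UPLOAD_DIR is a path Apache does not serve; the MIME type is read from the file contents with finfo rather than from $_FILES["file"]["type"], since the browser supplies that value.

```php
<?php
// Added example of the five steps above (assumed paths and names, not the OP's script).
const UPLOAD_DIR = '/var/uploads';      // assumed: outside the document root
const MAX_BYTES  = 50 * 1024 * 1024;    // assumed size limit

// Allowed extensions, each paired with the MIME type the server must detect for it.
const ALLOWED = [
    'jpg'  => ['image/jpeg'],
    'jpeg' => ['image/jpeg'],
    'png'  => ['image/png'],
    'gif'  => ['image/gif'],
    'avi'  => ['video/x-msvideo'],
    'mpg'  => ['video/mpeg'],
];

function store_upload(array $f): array
{
    if ($f['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($f['tmp_name'])) {
        return ['ok' => false, 'reason' => 'upload failed'];
    }
    if ($f['size'] > MAX_BYTES) {
        return ['ok' => false, 'reason' => 'file too large'];
    }
    // Step 2: extension check, using only the LAST extension of the client-supplied name.
    $ext = strtolower(pathinfo($f['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        return ['ok' => false, 'reason' => 'extension not allowed'];
    }
    // Step 1: MIME check from the bytes on disk, not from the browser-supplied type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($f['tmp_name']);
    if (!in_array($mime, ALLOWED[$ext], true)) {
        return ['ok' => false, 'reason' => "content is $mime, not a valid .$ext"];
    }
    // Step 3: random stored name; the original name never reaches the filesystem.
    $stored = bin2hex(random_bytes(16)) . '.' . $ext;
    // Step 4: move it outside the webroot so Apache can never execute it.
    if (!move_uploaded_file($f['tmp_name'], UPLOAD_DIR . '/' . $stored)) {
        return ['ok' => false, 'reason' => 'could not store file'];
    }
    // Caller records ($stored, original name) in the database and serves it via a script.
    return ['ok' => true, 'stored' => $stored, 'original' => $f['name']];
}

if (isset($_FILES['file'])) {
    header('Content-Type: application/json');
    echo json_encode(store_upload($_FILES['file']));
}
```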
Just remember that each browser does not always use the same file MIME-type format, and if you put it in a folder below the domain root you will need to build an application to fetch the files and read them out to the users if they want to view or download the file.
OK, here is an update. I just spoke to the person I bought the script from. He found an old uploader form that wasn't used anymore and wasn't secure. He deleted it; that must have been how they were getting in. The normal upload form doesn't allow PHP files. Hopefully that will fix it. As I was going through cPanel I looked in the FTP manager. Seems there was an FTP account set up that's not mine. lol, hackers. I removed it.