Looking to hire a security expert

I am looking to hire someone who knows how test my web site for security.

Question: Can someone access a website get into the server and change a posted document that is in a PDF format? I believe this happened on my website. I posted a complete pdf for public viewing only to find some of the content is changed every week. I didn't think it was possible since a pdf is almost like a photgraph.

Don

 

I'm no security expert,

But you should check the raw http access logs and see any expliot is being used, they cant modify the PDF im sure they would have to download it, change it, then re-upload it - It's easy enough with a shell (c99.php etc..)

They most probably have a shell on your server hidden in a directory somewhere, from that they can browse the contents of your server, edit, modify and upload

 

check the logs first on who is logging in. also check that if any suspicious process is running as nobody

 

Check the permissions of the file, could be writable for all users.

 

no! any pdf can be manipulated with free pdf libraries using php.

 

100% agree. PHP has capable of manipulating and processing more and more types of files.

 

Not expert but I can help you basically for free. Send me a PM