Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

PHP Webserver Attack


ipohismytown

Recommended Posts

My admin file manager suddenly appear some strange file(exp. ".htaccess" and "12134.php"). This kind of number .php file have upload inside my server which in some folder with different number like 23123.php.... but my admin seen like not have any problem just got some folder like file i attach below (error.jpg). When i click on it appear, page not found. Inside attachment(problem.zip -> error.jpg)show the situation we facing as the folder name "mail" unable to access into it(not matter create a new one also unable to access). Previously we did not have this kind of problem after today(27/05/2009 04:05:00). We observe that some strange file appear in our server (for example view for attachment -> problem.zip -> ".htaccess" and "12134.php"). Some folder with open permission 777 also appear for this kind of file but with different number php file (ex. "62324.php","21323.php"). After develop this problem, some function or server cannot access so i tries to delete this kind of files. As result, some modules fully function again but this "mail" folder i unable to access, it display "406 Not Acceptable". Do this kind of files are spam or virus?Any way to prevent for this situation happen again.

 

 

Problem.zip

Link to comment
Share on other sites

Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile

 

Virus Threat Scanner

My Contributions

Basic install answers.

Click here for Contributions / Add Ons.

UK your site.

Site Move.

Basic design info.

 

For links mentioned in old answers that are no longer here follow this link Useful Threads.

 

If this post was useful, click the Like This button over there ======>>>>>.

Link to comment
Share on other sites

It's been my experience and observation that the most common reason for this hack is improper folder permissions.

 

Folder permissions should not be higher than 755

 

777 is unacceptable.

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...