aktur
Posted May 23, 2010

Hello,

I've enabled write protection and logging on my host, and in the log I notice the following entries:

May 22 18:14:21 ausfuehrendes Script: ~/catalog/admin/categories.php ~/catalog/admin/categories betroffene Datei: catalog/images/fsr.php Vorgang: deny[create]

It means that categories.php tries to save in catalog/images/. I was following all the steps in protecting my site, but it seems that there are still leaks. categories.php is in the admin folder. How is the hacker able to execute it without logging in as admin?

Jan Zonjee
Posted May 23, 2010

> How is the hacker able to execute it without logging in as admin?

Not a clue, but it would be good to add an .htaccess to that directory with this code in it. Paste it in a new file, remove line numbers of course. Upload it to the images directory as htaccess.txt and then rename it to .htaccess

gates2u
Posted May 24, 2010

> Hello,
>
> I've enabled write protection and logging on my host, and in the log I notice the following entries:
>
> May 22 18:14:21 ausfuehrendes Script: ~/catalog/admin/categories.php ~/catalog/admin/categories betroffene Datei: catalog/images/fsr.php Vorgang: deny[create]
>
> It means that categories.php tries to save in catalog/images/. I was following all the steps in protecting my site, but it seems that there are still leaks. categories.php is in the admin folder. How is the hacker able to execute it without logging in as admin?

You've been hacked. This happened to me on a test website where I did not lock down the testing permissions from 777 to what they should have been. They will add iframes directed to malware content on another site. You may also have a new policy.php file and changes to one or more of your PHP files.

I was running SiteMonitor so I saw this, and GoDaddy also alerted me that I was now on a Google malware list. I've now, sadly, had to go get rescanned from Google (you request this through your Web Developer interface in your Google account). Anyways, huge bother.

I, too, had the fsr.php in the images directory. This is a good reason to always sandbox your testing environments, so your money-making sites don't get brought down/tagged by Google. I recommend you restore your source files, and make sure everything is locked down permissions-wise.
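
An audit for the two symptoms described in this thread (a PHP file such as fsr.php sitting in catalog/images, and permissions left at 777), as an added example that is not part of any post above. The function names are made up for this example, and the catalog/images layout is assumed from the log line in the first post.

```shell
#!/bin/sh
# Added example: audit a catalog tree for script files in the images
# directory and for world-writable paths. Function names are hypothetical.

# List script files under the images directory, where only images belong.
find_scripts_in_images() {
    find "$1" -type f \( -iname '*.php' -o -iname '*.php[0-9]' \
        -o -iname '*.phtml' -o -iname '*.phar' \) -print | sort
}

# List files and directories any local user can write to (777, 666, ...).
find_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print | sort
}

# Print a report for a catalog root; return 0 only when nothing was found.
audit_catalog() {
    catalog_root=$1
    scripts=$(find_scripts_in_images "$catalog_root/images")
    writable=$(find_world_writable "$catalog_root")
    if [ -n "$scripts" ]; then
        printf 'Script files in images directory:\n%s\n' "$scripts"
    fi
    if [ -n "$writable" ]; then
        printf 'World-writable paths:\n%s\n' "$writable"
    fi
    [ -z "$scripts$writable" ]
}

# Run the audit only when a catalog root is given on the command line,
# e.g.  sh audit.sh ~/catalog
if [ "$#" -gt 0 ]; then
    audit_catalog "$1"
fi
```

A non-zero exit status means at least one finding, so the script can run from cron and alert only when something turns up.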
Archived
This topic is now archived and is closed to further replies.