How to prevent malicious PHP files being added?


postcd

Guest
Hello, from time to time malicious .php files appear in my sites' structure (various CMSs).

So I'm unable to discover what the bug is or how they managed to appear. The hosting password was changed and is unguessable.

So my FIRST question:

Can I prevent scripts from being added by changing all folder permissions to no writing? I mean, remove the write bit on folders.

Or would I need to remove write rights even on files?

What are the chmod commands for this?

SECOND question:

Which PHP function is needed to create a file with some content?

Thanks


Just make sure your directory and file permissions are set properly.

Files should be 0644, and directories 0755. If you feel you're in an insecure environment, update it. If it's already updated, make sure you're disabling unnecessary PHP functions. Here are some PHP functions most people can disable without any issues; just add this after "disable_functions" in your php.ini.

phpinfo, show_source, allow_url_fopen, apache_child_terminate, apache_setenv, define_syslog_variables, escapeshellarg, escapeshellcmd, eval, exec, fp, fput, ftp_connect, ftp_exec, ftp_get, ftp_login, ftp_nb_fput, ftp_put, ftp_raw, ftp_rawlist, highlight_file, ini_alter, ini_get_all, ini_restore, inject_code, mysql_pconnect, openlog, passthru, php_uname, phpAds_remoteInfo, phpAds_XmlRpc, phpAds_xmlrpcDecode, phpAds_xmlrpcEncode, popen, posix_getpwuid, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, posix_setuid, posix_uname, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, shell_exec, syslog, system, xmlrpc_entity_decode

This will restrict most of your attacker's functionality in the system, as well as limit what information is being displayed to give them attack vectors.
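The permission baseline from the answer above (files 0644, directories 0755) as an audit-and-fix script; this is an added example, not code from the thread. It assumes the web root path is passed as the first argument, that it is run as the site's owner, and it also flags world-writable entries, which undermine that baseline because any local process can write to them.

```shell
#!/bin/sh
# Added example (not from the thread): audit a web root against the
# baseline in the answer (files 0644, directories 0755) and reset it.
# Assumed: the web root is "$1" and the script runs as the site's owner.
set -eu

# List every file not 0644 and every directory not 0755, one per line as
# "file PATH" or "dir PATH". Returns 1 if anything deviates, 0 if clean.
# "! -perm 0644" is an exact-mode test, so a 0600 file is reported too,
# not only an overly permissive one.
audit_perms() {
    webroot="$1"
    found=$( {
        find "$webroot" -type f ! -perm 0644 | sed 's/^/file /'
        find "$webroot" -type d ! -perm 0755 | sed 's/^/dir /'
    } )
    [ -n "$found" ] || return 0
    printf '%s\n' "$found"
    return 1
}

# Count entries with the world-write bit set ("-perm -0002" means
# "at least these bits"). Anything above 0 breaks the baseline.
count_world_writable() {
    find "$1" -perm -0002 | wc -l | tr -d ' '
}

# Reset to the baseline. Directories first so files inside stay reachable.
fix_perms() {
    webroot="$1"
    find "$webroot" -type d ! -perm 0755 -exec chmod 0755 {} +
    find "$webroot" -type f ! -perm 0644 -exec chmod 0644 {} +
}
```

Run `audit_perms /path/to/webroot` from cron to catch drift; a non-zero exit means something changed. Note this blocks writes by the web server's own user only if the files are owned by a different account than the one PHP runs as.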