Elxis CMS Forum
Support => Security => Topic started by: jimmyz on January 30, 2010, 21:56:42
-
Hi all you guys out there...
I just discovered the creation of two randomly named folders under my root. They both contain the same PHP code, and in one of them there is a confirmation return txt file.
My httpdocs folder is 750 chmoded. No other anomalies are known so far. These two folders were created on the 23rd & 25th of this month and they were removed on the 28th, as soon as they were found.
Elxis is on v2009.0 Stable rev2437, my PHP allows opening remote files, because I couldn't switch it off.
I attach the files.
What's going on? Please enlighten me.
[attachment deleted by admin]
-
You MUST disable url_fopen! If you can't explain it to the server admin, you must try this little workaround: ENABLE Elxis defender and add =http to the filter list. Elxis is very secure, but your server is NOT. So, you can only try to protect your site this way. But if the server gets compromised or something, your site will go down, too. So use the Elxis backup feature regularly, and change host as soon as you can.
-
Very dangerous. Try to find how he managed to upload that file on the server.
Make sure system, exec, and other similar functions are not allowed (are in disabled php functions).
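-
Added example, not part of the thread or of Elxis: a PHP script that reports the effective values of the settings the replies refer to, for a site owner who cannot read the server's php.ini. The PHP directive for remote file opening is allow_url_fopen; the allow_url_include check and the function names beyond system and exec are assumptions added here about what "other similar functions" covers, and the code is written for PHP 7 or later.

```php
<?php
// Added example: audit the effective PHP settings discussed in the replies.
// system and exec come from the thread; the other names are an assumption
// about what "other similar functions" means.
const RISKY_FUNCTIONS = ['system', 'exec', 'passthru', 'shell_exec', 'popen', 'proc_open'];

// ini_get() returns "1", "On", "" or false depending on how the value was set;
// normalise all of those to a boolean.
function ini_flag_on(string $name): bool
{
    $value = ini_get($name);
    if ($value === false) {
        return false; // directive does not exist in this PHP build
    }
    return filter_var($value, FILTER_VALIDATE_BOOLEAN);
}

// Returns a list of findings; an empty list means nothing was flagged.
function audit_php_settings(bool $urlFopen, bool $urlInclude, string $disableFunctions): array
{
    $findings = [];
    if ($urlFopen) {
        $findings[] = 'allow_url_fopen is On: file functions can open http:// and ftp:// URLs';
    }
    if ($urlInclude) {
        $findings[] = 'allow_url_include is On: include/require can load remote code';
    }
    // disable_functions is a comma-separated list; names are case-insensitive.
    $disabled = array_filter(array_map('trim', explode(',', strtolower($disableFunctions))));
    foreach (array_diff(RISKY_FUNCTIONS, $disabled) as $fn) {
        $findings[] = "$fn() is not listed in disable_functions";
    }
    return $findings;
}

$findings = audit_php_settings(
    ini_flag_on('allow_url_fopen'),
    ini_flag_on('allow_url_include'),
    (string) ini_get('disable_functions')
);
echo $findings ? implode(PHP_EOL, $findings) . PHP_EOL : 'No findings' . PHP_EOL;
```

Run it through the web server rather than the command line, since the CLI often loads a different php.ini, and remove it from the site afterwards.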