Welcome,
Guest
.
Please
login
or
register
.
Did you miss your
activation email
?
News:
Elxis documentation
for users and developers.
Home
Help
Login
Register
Elxis CMS Forum
»
Support
»
Security
»
php code folders shown up
« previous
next »
Print
Pages: [
1
]
Author
Topic: php code folders shown up (Read 6064 times)
jimmyz
Full Member
Posts: 202
php code folders shown up
«
on:
January 30, 2010, 21:56:42 »
Hi all you guys out there...
I just discovered the creation of two randomly named folders, under my root. They both conain the same php code and in one of them, exists a confirmation return txt file.
My httpdocs folder is 750 chmoded. No other anomalies are known so far. These two folders were created in 23 & 25 of this month and they were instantly removed in the 28th, once they were known.
Elxis is on v2009.0 Stable rev2437, my PHP allows openning remote files, cause I couldn't switch it off.
I attach the files.
What's going on? Please enlight me.
[attachment deleted by admin]
Logged
Dirty Deeds Done Dirt Cheap
Ivan Trebješanin
Elxis Team
Hero Member
Posts: 1663
Re: php code folders shown up
«
Reply #1 on:
January 30, 2010, 22:56:32 »
You
MUST
disable url_fopen! If you can't explain it to server admin, you must try this little workaround: ENABLE Elxis defender and add
=http
to filter list. Elxis is very secure, but your server is
NOT
. So, you can only try to protect your site this way. But if server gets compromised or something your site will go down, too. So use Elxis backup feature regularly, and change host as soon as you can.
Logged
I've got a snap in my finger...
Got rhythm in my walk...
datahell
Elxis Team
Hero Member
Posts: 10356
Re: php code folders shown up
«
Reply #2 on:
January 31, 2010, 09:29:47 »
Very dangerous. Try to find how he managed to upload that file on the server.
Make sure system, exec, and other similar functions are not allowed (are in disabled php functions).
Logged
Elxis Team
|
Is Open Source
|
IOS Rentals | IOS AERO
Print
Pages: [
1
]
« previous
next »
Elxis CMS Forum
»
Support
»
Security
»
php code folders shown up