08-01-2011
Web hosting security question
Hi,
Recently my has been hacked. A .pl script has been uploaded in the root of the directory, which uploaded lot of unwanted files and changed their file permission to 777.
I have no clue how did they upload that .pl file in my hosting.
Website is in shared hosting. Could they access my web root from other website which hosted in the same server?
Or any idea how could they reached my site root?
4 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
I built my website based on Dreamweaver, on Windows platform. My server uses Unix, and the page doesn't look too good. Is there any way to solve this problem without too much of a headache? (1 Reply)
Discussion started by: PCL
1 Replies
2. Cybersecurity
Hello, guys !
The company I work for has a few web hosting servers and I'd like to know how can I secure the servers a little bit ?
The situation is like this:
Apache runs as nobody so all users can run scripts as nobody. This is a big security problem beacause if I have an account on the... (4 Replies)
Discussion started by: Sergiu-IT
4 Replies
3. Web Development
Hi All,
Frankly I'm new to Linux Environment. While we are trying to Host an ASP.NET 5 Web Application on Centos OS7 Web hosting Server. There were couple of steps which we are supposed to go through, please see this link -
We are stuck at Create a Container & then Running the Container,... (1 Reply)
Discussion started by: John Fredric
1 Replies
4. Shell Programming and Scripting
Hi..
I have very limited knowledge on LDAP and its configuration and but I have been trying to figure out one issue that takes place when I am running the program that is written in php, but so far its unsuccessful.
The server, I am working on is ldap server, which is running on Apache. After... (1 Reply)
Discussion started by: GomathiUoM
1 Replies
LEARN ABOUT PHP
is_uploaded_file
IS_UPLOADED_FILE(3) 1 IS_UPLOADED_FILE(3)
is_uploaded_file - Tells whether the file was uploaded via HTTP POST
SYNOPSIS
bool is_uploaded_file (string $filename)
DESCRIPTION
Returns TRUE if the file named by $filename was uploaded via HTTP POST. This is useful to help ensure that a malicious user hasn't tried
to trick the script into working on files upon which it should not be working--for instance, /etc/passwd.
This sort of check is especially important if there is any chance that anything done with uploaded files could reveal their contents to
the user, or even to other users on the same system.
For proper working, the function is_uploaded_file(3) needs an argument like $_FILES['userfile']['tmp_name'], - the name of the uploaded
file on the client's machine $_FILES['userfile']['name'] does not work.
PARAMETERS
o $filename
- The filename being checked.
RETURN VALUES
Returns TRUE on success or FALSE on failure.
EXAMPLES
Example #1
is_uploaded_file(3) example
<?php
if (is_uploaded_file($_FILES['userfile']['tmp_name'])) {
echo "File ". $_FILES['userfile']['name'] ." uploaded successfully.
";
echo "Displaying contents
";
readfile($_FILES['userfile']['tmp_name']);
} else {
echo "Possible file upload attack: ";
echo "filename '". $_FILES['userfile']['tmp_name'] . "'.";
}
?>
SEE ALSO
move_uploaded_file(3), $_FILES, See Handling file uploads for a simple usage example..
PHP Documentation Group IS_UPLOADED_FILE(3)