Posted by Steve Belanger on 04/10/07 19:33

if your site somewhere has an upload features, if it's not protected against
specific filters, i believe that somebody can upload a php file that way and
execute it once its' uploaded. of course they will need to know where the
file has been saved on the server and so forth, but i believe that's a
potential way of putting files on a server to perform harmful actions.


"Robin Faichney" <robin@robinfaichney.invalid> wrote in message
news:dsmn131scn3jhn19ut9tv9knggip8go25s@4ax.com...
>A site I run has somehow been used for phishing. The url was
> http://genuine.site/www/scotiabank/com/pe/
>
> I've assured the webhost that I'm not responsible and supplied dates
> of more recent ftp and control panel access, and they suggest the
> relevant files have been uploaded "via the website itself" but it's a
> very simple hand-coded site using PHP only to ease design changes and
> such, no bb/blog/whatever features. Can any PHP guru suggest how this
> might have happened? It's Windows based, unfortunately, with PHP4.1, I
> think, can't check because I can't access it now, it's been disabled.
> --
> <http://www.robinfaichney.org/>

[Back to original message]