Reply to Re: Unwilling phishing site host


Posted by Al Kolff on 04/17/07 21:50

"Robin Faichney" <robin@robinfaichney.invalid> wrote in message
news:saaq13ta1h3jvn4rnm8nvog2qku6vhjuh8@4ax.com...
> Thanks for all the comments. I've notified the webhost about register
> globals being enabled and I've received the following explanation of
> what seems to have happened.
>
> "I still think it is that contact.php page. I am almost certain that the
> hacking was done through the website and not FTP or another method. My
> guess would be that there is a security flaw somewhere in that contact.php
> which is allowing file uploads even though it is disabled. This is backed
> up by a quick search on google for "Free-php-Scripts.net contact.php" (as
> that's the author site given in the script) for which the results are:
> http://www.google.co.uk/search?hl=en&q=Free-php-Scripts.net+contact.php&meta=
>
> One of the entries (there are also other similar ones) is this, which
> lists a security flaw in that script:
> http://xforce.iss.net/xforce/xfdb/29874
>
> As this is a known vulnerability, hackers probably scanned the internet
> for any site using it that they could compromise. There is also a file
> called c99.php on your site which is a script designed to help hackers
> do whatever they wish ( http://www.google.co.uk/search?hl=en&q=c99.php&meta= ).
> My guess is that this is the file that was uploaded using the security
> flaw in the script. Once this was uploaded, they then used it to upload
> their phishing scam etc. You should remove this c99.php file before the
> site goes back online and check all other files in case of additional
> changes the hackers made."
> --
> <http://www.robinfaichney.org/>

Robin,
While I love PHP this is one of those times it might pay to use Perl along
with PHP. Contact pages and forms are gateways to all kinds of problems.
"nms formmail" works great and is fairly secure. (Just don't emulate Matt's
FormMail or turn off the security features.)

To protect yourself from the script kiddies rename your scripts and files
and modify your code to match. How do I know these things? Being
blacklisted is no picnic to overcome.

God bless,
al
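The host's last step, checking every file for changes the attackers made, is easiest against a known-good baseline. The following is an added example (not code from the thread or from either poster) that hashes a web root, compares it with a snapshot taken from a clean backup, and lists added, modified and removed files; the file names and contents are constructed.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large uploads don't load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Map every file under root (relative POSIX path) to its digest."""
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            manifest[p.relative_to(root).as_posix()] = hash_file(p)
    return manifest


def diff_manifests(baseline: dict[str, str], current: dict[str, str]) -> dict[str, list[str]]:
    """Files present only now (dropped by an attacker), only in the baseline, or changed."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(k for k in baseline.keys() & current.keys() if baseline[k] != current[k])
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> dict[str, list[str]]:
    """Constructed web root: clean snapshot, then the state the thread describes."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "images").mkdir()
        (root / "index.html").write_text("<h1>Welcome</h1>\n")
        (root / "contact.php").write_text("<?php // contact form ?>\n")
        (root / "images" / "logo.gif").write_bytes(b"GIF89a")
        baseline = build_manifest(root)  # in practice: taken from a clean backup
        # Post-incident state: an extra PHP file appears and the landing page is altered
        (root / "c99.php").write_text("<?php /* placeholder file, constructed */ ?>\n")
        (root / "index.html").write_text("<h1>Welcome</h1><!-- altered -->\n")
        return diff_manifests(baseline, build_manifest(root))


if __name__ == "__main__":
    print(demo())
```

Run the baseline against a backup you trust, not against the compromised copy, or the dropped files simply become part of the "known-good" set.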
