发表新帖
发表新帖

PHP script: malicious JavaScript code at the end

前端 未结
关注
10 2042
闹比i
闹比i 2021-02-01 20:04

The problem:

On my webspace there are PHP files which all end with this:

Before

10条回答
  • 余生分开走
    余生分开走 (楼主)
    2021-02-01 20:58

    We have experienced a problem similar to this a while ago with one of our major web properties. What your web host said was correct: it was likely due to not FTP access, but an insecure script that somehow allowed modification of arbitrary files. In our case, a vulnerability in an old phpMyAdmin allowed changes to some PHP scripts.

    If you haven't done so already, you may want to make sure that the web server has only read privileges to all scripts and HTML files. It turns out that Apache could also write to scripts in our case. Simply

    cd web_files_directory
chown -R some_not_web_server_user:some_not_web_server_group .
find . -type f | xargs chmod 644
find . -type d | xargs chmod 755

    0 讨论(0)
 看不清?
提交回复
热议问题