PHP script: malicious JavaScript code at the end

闹比i 2021-02-01 20:04

The problem:

On my webspace there are PHP files which all end with this:


Before

10 answers
  • 2021-02-01 20:58

    We experienced a problem similar to this a while ago with one of our major web properties. What your web host said was correct: it was likely due not to FTP access, but to an insecure script that somehow allowed modification of arbitrary files. In our case, a vulnerability in an old phpMyAdmin allowed changes to some PHP scripts.

    If you haven't done so already, you may want to make sure that the web server has only read privileges to all scripts and HTML files. It turns out that Apache could also write to scripts in our case. Simply

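    cd web_files_directory
    # Hand ownership to an account the web server does not run as
    chown -R some_not_web_server_user:some_not_web_server_group .
    # -exec ... + copes with spaces in file names, unlike find | xargs
    find . -type f -exec chmod 644 {} +
    find . -type d -exec chmod 755 {} +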
    
  • 2021-02-01 21:00

    I would suggest changing any FTP or SSH passwords to be very secure. If you use a hosting provider you should also notify them of the breach. If you do not have logs to investigate the matter then they may. You should also Google the code that was added to your page to see if you can find anything else.

  • 2021-02-01 21:00

    If you have a static IP, you can forbid FTP access from any IP that is not yours.

  • 2021-02-01 21:02

    phsource is the closest.

    If you're on a shared server, other people have access to the server itself. This is sort of the definition of a shared server. The problem is that if you have files with permissions of 777, they are world-user-group writable. Which means anyone with access to the box can write to them. See the problem?

    All it takes is one person on that box to have a weak password, poorly configured script, or a horrible bit of code, and a mediocre script kiddie can cause all kinds of problems all over the box. Most of these attacks are purely automated. They get access, scan for attack-able files, and append as needed.

    Most likely, you should change all of your files to 755 or 644 permissions. You'll sleep better at night.

    And after you're done cleaning it up, make sure Google hasn't flagged you as a malicious site. It's not horrible to clean up, but it can decimate your traffic in the meantime.

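A read-only triage script for the two conditions the answers describe: files writable by group or other, and PHP files with a script tag after their final closing tag. It is an added example, not code from any poster; the function names, the constructed demo tree and the `<script` marker are assumptions, since the injected code itself is not shown on the page.

```shell
#!/bin/sh
# Added example (not from the thread): read-only triage of a web root.

# Files and directories writable by group or other (777, 775, 666, ...).
# After the chmod 644 / 755 fix from the first answer this prints nothing.
list_loose_perms() {
    find "$1" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) -print
}

# True when the text following the last "?>" in file $1 contains "<script".
# Heuristic only: a template that legitimately ends in a script block also matches.
has_script_tail() {
    awk '
        { line = $0
          while ((i = index(line, "?>")) > 0) {   # restart tail at each close tag
              line = substr(line, i + 2); tail = ""; seen = 1
          }
          if (seen) tail = tail line "\n" }
        END { exit !(seen && tolower(tail) ~ /<script/) }
    ' "$1"
}

# PHP files under $1 that match has_script_tail (paths with newlines unsupported).
list_script_tails() {
    find "$1" -type f -name '*.php' | while IFS= read -r f; do
        if has_script_tail "$f"; then printf '%s\n' "$f"; fi
    done
}

# Constructed sample tree: one clean file, one loose-permission file,
# one file with a placeholder script tag appended after the closing tag.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    printf '<?php echo "ok"; ?>\n' > "$d/clean.php"
    printf '<?php echo "ok"; ?>\n' > "$d/loose.php"
    printf '<?php echo "ok"; ?>\n<script>/* placeholder */</script>\n' > "$d/tail.php"
    chmod 755 "$d"; chmod 644 "$d/clean.php" "$d/tail.php"; chmod 777 "$d/loose.php"
    printf '%s\n' "$d"
}

# Usage: sh audit.sh /path/to/webroot   (no argument: audit the demo tree)
root=${1:-$(make_demo_tree)}
echo "== writable by group or other =="; list_loose_perms "$root"
echo "== <script after final ?> ==";     list_script_tails "$root"
[ "$#" -ge 1 ] || rm -rf "$root"
```

Every path the second list prints needs a manual look before anything is deleted or restored from backup.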