fox_statton
asked on
How was I hacked? Security experts....
Yesterday I discovered that a number of files on my server had been hacked.
A new line of code has been added that opened an IFRAME and tried to download a trojan.
The files were chmodded to 777, so anyone could have written, but on checking I discovered that every file that was 777 suffered this attack.
What puzzles me is that these files were in a folder protected by .htaccess, the folder was 755, and I'm the only person in the world that uses these files, so the filenames were linked to from anywhere else. How did the attacker discover the files? Can anyone just browse my filesystem remotely?
Anyone can access 777 files and 777 dirs.
-r-
ASKER
But if they don't know the filename (i.e. it's not linked to from anywhere and is not an obvious name), how can they discover it?
All someone has to do is read the directory using PHP, or possibly could do it through the command line using the dir command.
If someone is changing your files you should report this to your web host; the problem can only really be fixed by them, unless it's an insecure script.
ASKER
They can read the contents of my directory even if it's set to 755?
Hello all,
755 is:
read, write, execute 4+2+1 = 7 owner
read, execute 4+1 = 5 group
read, execute 4+1 = 5 everyone
Here is a table of values:
Digit  rwx  Result
0      ---  no access
1      --x  execute
2      -w-  write
3      -wx  write and execute
4      r--  read
5      r-x  read and execute
6      rw-  read and write
7      rwx  read, write, execute
Typical settings: directories 755, scripts 755, data files 666, and configuration files 644.
Joseph Melnick
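The digit table above, applied as an audit of a web root: this is an added example, not code from anyone in the thread. It decodes mode bits into the rwx form and lists every world-writable entry plus every file containing an IFRAME tag; the file names, contents and the `example.invalid` URL in `demo()` are constructed sample data.

```python
import os
import stat
import tempfile

def describe_mode(mode):
    """Render permission bits as octal digits plus rwx triplets, e.g. '755 rwxr-xr-x'."""
    perms = stat.S_IMODE(mode) & 0o777
    rwx = "".join(ch if perms & (1 << (8 - i)) else "-" for i, ch in enumerate("rwxrwxrwx"))
    return f"{perms:03o} {rwx}"

def audit_tree(root, marker=b"<iframe"):
    """Return (world_writable, contains_marker); paths are relative to root."""
    world_writable, contains_marker = [], []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            rel = os.path.relpath(path, root)
            if st.st_mode & stat.S_IWOTH:  # the "2" in the last digit: anyone may write
                world_writable.append((rel, describe_mode(st.st_mode)))
            if stat.S_ISREG(st.st_mode):
                try:
                    with open(path, "rb") as fh:
                        if marker in fh.read().lower():
                            contains_marker.append(rel)
                except OSError:
                    pass  # unreadable by the auditing user: skip
    return sorted(world_writable), sorted(contains_marker)

def demo():
    """Audit a constructed sample web root (names and contents are made up)."""
    samples = {
        "index.php": (0o644, b"<?php echo 'ok'; ?>\n"),
        "gallery.php": (0o777, b"<?php ?>\n<IFRAME src='http://example.invalid/'></IFRAME>\n"),
        "notes.txt": (0o666, b"plain data\n"),
    }
    with tempfile.TemporaryDirectory() as root:
        for name, (mode, body) in samples.items():
            path = os.path.join(root, name)
            with open(path, "wb") as fh:
                fh.write(body)
            os.chmod(path, mode)  # chmod after writing so the umask does not interfere
        return audit_tree(root)

if __name__ == "__main__":
    print(demo())
```

On a real server, call `audit_tree()` on the document root; pages that legitimately use iframes will also appear in the second list and need a manual look.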
ASKER
So if I don't want people to be able to browse my directory, but need to be able to execute scripts, what should I set it as?