Solved

Upload files in my web server have been erased by hacker

Posted on 2014-11-27
3
156 Views
Last Modified: 2015-01-02
Hi.

I have a web server where my users upload files via the POST method in PHP.

The upload directory has file permissions 777, because if not they cannot upload files.

Well, a month ago, a hacker accessed this directory and erased all files with 777 permissions.

How do I configure this directory so that no one can erase these files?

Thanks
0
Question by:jorgeeurolynx
3 Comments
 
LVL 63

Accepted Solution

by:
btan earned 500 total points
ID: 40470349
Do change the login password for the existing user and isolate the server if possible, until a fresh image is reverted to with a new account. Coming back, 777 is discouraged even if this is a shared host. It actually invites trouble.

Please see the good practices for securing PHP. Check out the tips stated in the article:
#7: Turn Off Remote Code Execution
#11: Install Suhosin Advanced Protection System for PHP
#14: PHP User and Group ID
#15: Limit PHP Access To File System
#18: Restrict File and Directory Access
#19: Write Protect Apache, PHP, and MySQL Configuration Files
#21: Install Mod_security

Overall, besides the hardening aspects, consider the least-privilege principle in the web server; below is some food for thought.

e.g. Run the web server under a user account that does not own any of the files of the website.

e.g. Give the web server process just sufficient access rights so that it can perform baseline tasks like audit logging (writing its access.log and error.log) and transacting with its authorised database server.

e.g. Create a user group and add a user to it; this user is the overall owner of the whole web content including its directories. Give the main web content folder permission 750 and the web content files permission 650 - deny others and allow only user and group. Do ensure your web server retains read access to all customised scripts and configuration.

If you use .htaccess, as with Apache, then do consider the below:

e.g. Lock down any directory browsing from outside (e.g. add "Options -Indexes" to the .htaccess file in the web content home directory) and even block bots from crawling your web content using .htaccess (best effort). You can check out more .htaccess security tricks.

e.g. Password-protect the web content directory using .htaccess. But do note it only protects directories and not files. Also, once a user authenticates successfully, it is back to the users' permissions assigned to the content in that directory and its children.
0
 
LVL 40

Expert Comment

by:noci
ID: 40470605
Then again, if the PHP engine CAN access files, then a user, through PHP, can access those files.
The PHP app should be written in such a manner that misuse is not possible.
0
 
LVL 63

Expert Comment

by:btan
ID: 40471038
In fact, do watch out for 2 common attacks that lead to indirect upload attempts. They are Remote File Inclusion (RFI) and Local File Inclusion (LFI) attacks. Never use arbitrary input data in a literal file include request. It is always good to verify with a web scanner against the site to sieve out any gaps, as attacks can come in if there are any holes and then upload a web shell.
https://www.owasp.org/index.php/File_System#Includes_and_Remote_files

For interest, there is a PHP shell detector as well - http://www.emposha.com/security/php-shell-detector-web-shell-detection-tool.html
0
