Solved

Upload files in my web server have been erased by hacker

Posted on 2014-11-27
3
158 Views
Last Modified: 2015-01-02
Hi.

I have a web server where my users upload files via the POST method in PHP.

The upload directory has file permissions 777, because otherwise they cannot upload files.

Well, a month ago, a hacker accessed this directory and erased all files with 777 permissions.

How do I configure this directory so that no one can erase these files?

Thanks
Question by:jorgeeurolynx
3 Comments
 
LVL 64

Accepted Solution

by:
btan earned 500 total points
ID: 40470349
Do change the login password for the existing user and isolate the server if possible, until a fresh image is restored with a new account. Coming back to the question, 777 is discouraged even if this is a shared host. It actually invites trouble.

Please see the good practices for securing PHP. Check out the tips stated in the article:
#7: Turn Off Remote Code Execution
#11: Install Suhosin Advanced Protection System for PHP
#14: PHP User and Group ID
#15: Limit PHP Access To File System
#18: Restrict File and Directory Access
#19: Write Protect Apache, PHP, and MySQL Configuration Files
#21: Install Mod_security

Overall, besides the hardening aspects, consider the least privilege principle in the web server; below is some food for thought.

e.g. Run the web server under a user account that does not own any of the files of the website.

e.g. Give the web server process just sufficient access rights to perform baseline tasks such as audit logging (writing its access.log and error.log) and transacting with its authorised database server.

e.g. Create a user group and add a user to it; this user is the overall owner of the whole web content including its directories. Give the main web content folder permission 750 and the web content files permission 650, denying others and allowing only user and group. Do ensure your web server retains read access to all customised scripts and configuration files.

If you use .htaccess, as with Apache, then do consider the below.

e.g. Lock down any directory browsing from outside (e.g. add "Options -Indexes" to the .htaccess file in the web content home directory) and even block bots from crawling your web content using .htaccess (best effort). You can check out more .htaccess security tricks.

e.g. Password-protect the web content directory using .htaccess. But do note it only protects directories, not files. Also, once a user authenticates successfully, it is back to the users' permissions assigned to the content in that directory and its children.
0
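As an added illustration of the least-privilege advice above (example code, not from this thread or from any poster), here is a minimal PHP upload handler that stores files outside the document root, picks a server-chosen name, checks the real content type, and writes files with mode 0640 instead of relying on a 777 directory. The `UPLOAD_DIR` path is a placeholder; it assumes the directory is owned by a dedicated group with mode 750 and that the web server user belongs to that group.

```php
<?php
// Added example, not from the thread. Assumptions: UPLOAD_DIR is a placeholder
// path OUTSIDE the DocumentRoot, owned by a dedicated group, mode 750, and the
// web server user is a member of that group (so no 777 is needed).
declare(strict_types=1);

const UPLOAD_DIR = '/srv/app/uploads';              // placeholder, not under the web root
const MAX_BYTES  = 2 * 1024 * 1024;                  // 2 MiB upper bound
const ALLOWED    = [                                 // sniffed MIME type => stored extension
    'image/png'       => 'png',
    'image/jpeg'      => 'jpg',
    'application/pdf' => 'pdf',
];

// Validates one entry of $_FILES and stores it; returns the server-chosen file name.
function store_upload(array $file): string
{
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    // Never trust the client-supplied name or type: inspect the bytes instead.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if (!isset(ALLOWED[$mime])) {
        throw new RuntimeException('type not allowed');
    }
    // Random name chosen by the server: no path traversal, no user-controlled extension.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    $dest = UPLOAD_DIR . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0640);   // owner rw, group r, others nothing; never executable
    return $name;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['upload'])) {
    try {
        echo 'stored as ' . htmlspecialchars(store_upload($_FILES['upload']));
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'rejected: ' . htmlspecialchars($e->getMessage());
    }
}
```

Because the stored files sit outside the web root, they are served only through a separate read-only download script, so nothing in the upload directory can be requested or executed directly by the web server.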
 
LVL 40

Expert Comment

by:noci
ID: 40470605
Then again, if the PHP engine CAN access files, then a user through PHP can access those files.
The PHP app should be written in such a manner that misuse is not possible.
0
 
LVL 64

Expert Comment

by:btan
ID: 40471038
In fact, do watch out for 2 common attacks that lead to indirect upload attempts: Remote File Inclusion (RFI) and Local File Inclusion (LFI). Never use arbitrary input data in a literal file include request. It is always good to verify with a web scanner against the site to sieve out any gaps, as attacks can come in if there are any holes and then upload a web shell.
https://www.owasp.org/index.php/File_System#Includes_and_Remote_files

For interest, there is a PHP shell detector as well - http://www.emposha.com/security/php-shell-detector-web-shell-detection-tool.html
0
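To make the "never use arbitrary input in a literal include" rule concrete, here is an added example (not from this thread) showing the include pattern that opens the door to RFI/LFI next to a version where the request parameter is only ever a key into a fixed map of known files. The `pages/` directory and page names are assumptions for illustration.

```php
<?php
// Added example, not from the thread. The 'pages/' directory and the page
// names in PAGES are placeholders.
declare(strict_types=1);

// The pattern the comment warns about: request data becomes the include path.
// With allow_url_include enabled this is Remote File Inclusion; with it
// disabled it is still Local File Inclusion of anything PHP can read.
function render_page_unsafe(string $page): void
{
    include $page . '.php';   // do not do this
}

// Hardened version: user input never reaches the file system directly.
// It is only a lookup key; unknown keys resolve to null and are rejected.
const PAGES = [
    'home'    => __DIR__ . '/pages/home.php',
    'about'   => __DIR__ . '/pages/about.php',
    'contact' => __DIR__ . '/pages/contact.php',
];

function resolve_page(?string $page): ?string
{
    $key = $page ?? 'home';
    return PAGES[$key] ?? null;
}

$target = resolve_page($_GET['page'] ?? null);
if ($target === null) {
    http_response_code(404);
    exit('no such page');
}
include $target;   // always one of the fixed, server-controlled paths
```

Pairing this whitelist with `allow_url_include = Off` (and `allow_url_fopen = Off` where nothing needs it) in php.ini removes the remote half of the problem at the engine level as well.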
