mallony

How do I check our web site structure PHPMyadmin code for any bugs?

I have this advice from a PHP web designer saying that we have a security issue. Please read his message below and advise:

Unfortunately, I have also noticed a number of other issues, which I have listed below:
 
- My Anti-Virus programme found a trojan when I downloaded the website (it’s the file /scripts/upload/upload/tmp.php, you can find more information provided by my anti-virus programme on https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~PhpShel-R.aspx)
I am not a specialist in terms of security issues like this, but I would recommend deleting this file as soon as possible and checking if any damage has been done.
 
- You provide the option to deposit resumes, but it seems that the uploaded files are not checked for possible harmfulness (caused the issue above)
 
- The uploaded resumes are public for everyone with access (eg. http://www.risingtide.ch/scripts/upload/upload/NiranjanSambhus_CurriculumVitae.pdf). This can be seen as a quite considerable privacy issue for your applicants.
 
- Other parts of the code are also not checking the quality of the requests by the users. The code that is used there is, in my opinion, a bit of a mess, and probably not sufficient for your company’s future needs.
 
These points just briefly sum up the main issues I noticed when looking at your homepage.
 
I would highly recommend bringing your website to the “up-to-date” web and security standards, which both you and the visitors of the website would benefit from.
 
If you have any further questions, please feel free to contact me.


Please let me know what I should do in this case to check our web site for any malware, virus or bugs.

kind regards,
Eduardo.
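
One way to audit an upload directory like the one described in the message above for files that should not be there, shown as an added example that is not part of the original thread or the site's code. The allowlist of resume formats, the function names and the sample files are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumption: resumes are accepted only in these formats (not stated in the thread).
ALLOWED_MAGIC = {
    ".pdf": b"%PDF-",
    ".docx": b"PK\x03\x04",
    ".doc": b"\xd0\xcf\x11\xe0",
}
# Server-side script extensions anywhere in the name, so "cv.php.pdf" is caught too.
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar|pht|cgi|pl|asp|aspx|jsp)(\.|$)", re.I)
PHP_TAG = re.compile(rb"<\?php", re.I)


def audit_upload_dir(root, max_bytes=5 * 1024 * 1024):
    """Return {relative_path: [reasons]} for every suspicious file under root."""
    findings = {}
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        reasons = []
        with path.open("rb") as fh:
            data = fh.read(max_bytes)
        if SCRIPT_EXT.search(path.name):
            reasons.append("script extension in file name")
        ext = path.suffix.lower()
        if ext not in ALLOWED_MAGIC:
            reasons.append("extension not on allowlist")
        elif not data.startswith(ALLOWED_MAGIC[ext]):
            reasons.append("content does not match extension")
        if PHP_TAG.search(data):
            reasons.append("PHP open tag in content")
        if reasons:
            findings[str(path.relative_to(root))] = reasons
    return findings


def demo():
    """Run the audit over constructed sample files (harmless placeholders)."""
    samples = {
        "cv_ok.pdf": b"%PDF-1.4\n% constructed sample\n",
        "tmp.php": b"<?php /* constructed placeholder, no payload */ ?>",
        "cv.php.pdf": b"%PDF-1.4\n% constructed sample\n",
        "cv_fake.pdf": b"<?php /* constructed placeholder */ ?>",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            Path(root, name).write_bytes(body)
        return audit_upload_dir(root)
```

A clean result only means none of these specific checks fired; it does not show that the site was not modified elsewhere. The same checks belong in the upload handler itself, so that files are rejected before they are stored.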
SOLUTION
Marco Gasi
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
mallony

ASKER

In this case Eduardo has my credentials and he said that I have some Trojans on the site. I think he wants me to pay more hours for him to work on it.

But is this possible that I have a trojan in my website?

Please advise.

Yes, it is possible for sure.
The problem here seems to be that you don't trust your web developer, and you should think about this: you need to work with someone you can trust or just trust who you're working with. :-)
mallony

ASKER

excellent!