mallony

How do I check our web site structure phpMyAdmin code for any bugs?

I have this advice from a PHP web designer saying that we have a security issue. Please read his message below and advise:

Unfortunately, I have also noticed a number of other issues, which I have listed below:
 
- My Anti-Virus programme found a trojan when I downloaded the website (it’s the file /scripts/upload/upload/tmp.php, you can find more information provided by my anti-virus programme on https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~PhpShel-R.aspx)
I am not a specialist in terms of security issues like this, but I would recommend deleting this file as soon as possible and checking if any damage has been done.
 
- You provide the option to deposit resumes, but it seems that the uploaded files are not checked for possible harmfulness (caused the issue above)
 
- The uploaded resumes are public for everyone with access (eg. http://www.risingtide.ch/scripts/upload/upload/NiranjanSambhus_CurriculumVitae.pdf). This can be seen as a quite considerable privacy issue for your applicants.
 
- Other parts of the code are also not checking the quality of the requests by the users. The code that is used there is, in my opinion, a bit of a mess, and probably not sufficient for your company’s future needs.
 
These points just briefly sum up the main issues I noticed when looking at your homepage.
 
I would highly recommend bringing your website to the “up-to-date” web and security standards, which both you and the visitors of the website would benefit from.
 
If you have any further questions, please feel free to contact me.


Please let me know what I should do in this case to check our web site for any malware, virus or bugs.

kind regards,
Eduardo.

8/22/2022 - Mon
SOLUTION
Marco Gasi

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
SOLUTION
Marco Gasi

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
SOLUTION
Ray Paseur

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
mallony

ASKER
In this case Eduardo has my credentials and he said that I have some Trojans on the site. I think he wants me to pay more hours for him to work on it.

But is it possible that I have a trojan on my website?

Please advise.
Marco Gasi

Yes, it is possible for sure.
The problem here seems to be that you don't trust your web developer, and you should think about this: you need to work with someone you can trust or just trust who you're working with. :-)
ASKER CERTIFIED SOLUTION
Ray Paseur

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
SOLUTION
Member_2_248744

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
mallony

ASKER
excellent!