I have this advice from a PHP web designer saying that we have a security issue. Please read his message below and advise:
Unfortunately, I have also noticed a number of other issues, which I have listed below:
- My Anti-Virus programme found a trojan when I downloaded the website (it’s the file /scripts/upload/upload/tmp.php, you can find more information provided by my anti-virus programme on https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~PhpShel-R.aspx).
I am not a specialist in terms of security issues like this, but I would recommend deleting this file as soon as possible and checking if any damage has been done.
- You provide the option to deposit resumes, but it seems that the uploaded files are not checked for possible harmfulness (caused the issue above)
- The uploaded resumes are public for everyone with access (e.g. http://www.risingtide.ch/scripts/upload/upload/NiranjanSambhus_CurriculumVitae.pdf). This can be seen as a quite considerable privacy issue for your applicants.
- Other parts of the code are also not checking the quality of the requests by the users. The code that is used there is, in my opinion, a bit of a mess, and probably not sufficient for your company’s future needs.
These points just briefly sum up the main issues I noticed when looking at your homepage.
I would highly recommend bringing your website to the “up-to-date” web and security standards, which both you and the visitors of the website would benefit from.
If you have any further questions, please feel free to contact me.
Please let me know what I should do in this case to check our web site for any malware, virus or bugs.
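
An added example, not part of the original post or the designer's message: a read-only audit of a resume upload directory like the one described, flagging every file that is not a plain document. The allowlist (.pdf, .doc, .docx), the marker list and the sample file names are assumptions, and the sample files are constructed placeholders.

```python
import os
import sys
import tempfile

# Assumed policy: the resume form should only ever store these types.
ALLOWED_MAGIC = {
    ".pdf": b"%PDF-",
    ".doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",  # OLE2 container
    ".docx": b"PK\x03\x04",                        # ZIP container
}
PHP_EXTS = {"php", "php5", "phtml", "phar"}
# Constructed sample files (no real payloads) used when no path is given.
SAMPLES = {
    "cv.pdf": b"%PDF-1.4\n% constructed sample\n",
    "tmp.php": b"<?php /* constructed placeholder */ ?>",
    "cv.php.pdf": b"%PDF-1.4\n<?php /* constructed placeholder */ ?>",
    "notes.pdf": b"plain text with a .pdf name",
}

def audit_file(path):
    """Return the reasons a file is suspicious; an empty list means none found."""
    name = os.path.basename(path).lower()
    ext = os.path.splitext(name)[1]
    with open(path, "rb") as fh:
        data = fh.read()
    reasons = []
    if ext not in ALLOWED_MAGIC:
        reasons.append("extension not on allowlist: %r" % ext)
    elif not data.startswith(ALLOWED_MAGIC[ext]):
        reasons.append("content does not match %s signature" % ext)
    # Double extensions (cv.php.pdf) are executed by some server configurations.
    if PHP_EXTS.intersection(name.split(".")[1:]):
        reasons.append("PHP extension in file name")
    if b"<?php" in data.lower():  # heuristic, not a malware signature
        reasons.append("PHP open tag in content")
    return reasons

def audit_tree(root):
    """Walk root and map each suspicious relative path to its reasons."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            reasons = audit_file(full)
            if reasons:
                findings[os.path.relpath(full, root)] = reasons
    return findings

def write_samples(root):
    for fname, body in SAMPLES.items():
        with open(os.path.join(root, fname), "wb") as fh:
            fh.write(body)

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else tempfile.mkdtemp()
    if len(sys.argv) == 1:
        write_samples(root)
    for rel, why in sorted(audit_tree(root).items()):
        print(rel, "->", "; ".join(why))
```

Run it against a downloaded copy of the upload directory rather than the live server; a clean result here only means these specific checks found nothing.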