Malware spamming from my site [closed] - php

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 9 years ago.
Someone placed a script in my site that sends email; how can I find this script?
I use Parallels and Linux CentOS.
I searched the site for the keyword "mail(", but it could also be that the code is like a hash.

It could be anywhere, and it could be anything. It could even have been deleted.
We did have a situation a while back where a client lost control of their password due to a keylogger and someone was uploading a CGI script to spam emails, running it then deleting it. We only found out via FTP logs what was going on.
Try checking your FTP logs, web server logs and if all that fails and you are sure it is PHP then try searching for eval( as that is an often used tactic to hide what a script is doing.
More importantly though, my suggestion would be to get someone who is experienced in server management to have a look at your site as a matter of urgency. If they were able to upload a file to your site once, then even if you remove it, it won't stop them doing it again until you find exactly how they were able to do it.

You might also have a look at your scripts. Is there a contact form somewhere on your site? You might not have escaped user input very well, which gives an attacker the ability to send mails to other recipients.
I had a similar situation in my early days until the host blocked the script and told me to fix it.
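
The searches suggested in the two answers above (`mail(`, `eval(`, and contact-form code that passes request input to `mail()`), as an added shell example that is not part of the original answers. The file extensions, the decoder names listed beside `eval` and the sample files are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: triage a web root for PHP that sends mail or hides what it does.
# The patterns are a starting list chosen for this example, not an exhaustive one.

# Grep every PHP-like file under $1; $2 = label for the hit, $3 = ERE pattern.
_scan() {
    find "$1" -type f \( -name '*.php' -o -name '*.phtml' -o -name '*.inc' \) \
        -exec grep -nHE -- "$3" {} + 2>/dev/null | sed "s/^/$2 /"
}

# Print "LABEL file:line:text" for each suspicious line under the web root $1.
scan_webroot() {
    root=$1
    # Direct calls to mail(); the character class skips names like send_email(.
    _scan "$root" MAIL '(^|[^A-Za-z0-9_])mail[[:space:]]*\('
    # eval( as suggested in the answer, plus decoders commonly paired with it.
    _scan "$root" OBFUSCATED \
        '(^|[^A-Za-z0-9_])(eval|base64_decode|gzinflate|str_rot13)[[:space:]]*\('
    # mail() fed directly from request data: the contact-form case.
    _scan "$root" REQUEST_INPUT 'mail[[:space:]]*\(.*\$_(POST|GET|REQUEST)'
}

# PHP files modified within the last $2 days (default 7).
recent_php() {
    find "$1" -type f -name '*.php' -mtime "-${2:-7}" -print
}

# Constructed sample tree so the scan can be tried offline.
make_sample_tree() {
    d=$(mktemp -d)
    printf '%s\n' '<?php mail($to, $s, $body, "From: " . $_POST["email"]);' > "$d/contact.php"
    printf '%s\n' '<?php eval(base64_decode("ZWNobyAxOw=="));' > "$d/footer.php"
    printf '%s\n' '<?php send_email($user); echo "ok";' > "$d/clean.php"
    echo "$d"
}

sample=$(make_sample_tree)
scan_webroot "$sample"
rm -rf "$sample"
```

A clean result does not clear the site: as the first answer says, the script may already have been deleted, so the FTP and web server logs still need checking.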

Related

Can a hacker start uploading a file and specify when should it be done? [closed]

Closed 2 years ago.
So we got hacked and from that we raised a question based on our logs. Can a hacker start uploading a file at one point and specify when it should stop uploading? I.e. we got a HIT from an IP address at 06:50:52 2020-06-19 and the file uploaded later on 2020-06-20. The file is 2Mb so no way it actually took a full day to upload, or does it depend on PHP configuration? Also there is no indication of when the file was uploaded; only the first HIT was logged.
The client may influence the speed at which the file is being uploaded. It depends on the configuration of your server whether you time out such long-lasting requests or not. See the slow loris attack example to see how things may work.
You have to find which vulnerability got exploited. It can be anything from a reverse shell to the web server gained through some vulnerable PHP scripts ... to some WordPress bug. Look through all the logs.

How to host an internal webpage and MySQL database? [closed]

Closed 5 years ago.
I am looking for a way to host a webpage and a MySQL database but in an internal network, like an intranet for example.
When I was working on the website and the database, I used MAMP to emulate a server on my PC but this works only on one PC. I'm looking for a way to share this website on different PCs but only on my internal network.
Sorry for bad English. If there's something not understandable, please ask.
If it's a "repost question", please lead me to the answer I'm looking for. If you need more information, feel free to ask.
Thanks.
Unless it is very sensitive I would go for an external webhotel like godaddy.com or similar in your country. And add password protection on the site.
If you want to host it you need a computer that is on 24/7 and install your setup there, but then you are required to handle hardware failures, updating the software and so on.
MAMP and others should work. You might be visiting http://localhost:1234/index.php on your machine, so on another device on your network, try http://yourmachinename:1234/index.php. As long as the ports are open, this should work.

How is a mis-named folder a hack attempt? [closed]

Closed 6 years ago.
My website is entirely written by me in PHP on Notepad, no WordPress or the like. The only known weakness is that due to a complicated hardware situation, I cannot use HTTPS for the login area. It runs on a shared hosting account at iPage. It's 'LAMP'.
I am set up to monitor reasons why the 404 page is called. This is where my concern comes in. Someone is making attempts on folders in all lower case. This is more alarming because these folder words are sometimes in the login area. For example, if I have a file at /loginArea/myHidden/index.php these odd requests are aimed at /myhidden for some reason. Notice no caps and lack of the first directory. This has been happening at a rate of one per day, from random IP addresses all around the world. You might assume this was a coding mistake on my part at first, but I am 100% certain that has been ruled out by now. They are moving around my folder structure, poking like they are searching for something.
They seem to be limited to folder words they could sniff from HTTP traffic of logged-in users. They have not hit one that is known only to me.
No damage seems to have been done, but I am getting DAILY attempts and want to know what they are hoping for.

Malware infected website [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Closed 10 years ago.
I have the following problem:
The website I made for a friend has been infected with malware. When I tried to clean it, by replacing files that I found to be different from the ones I uploaded with my original files, after a short time the files were different again. The file permissions are all 644, and the folders 755. It is as if the one who infected the files has access to change them whenever I change them back. Can anyone help me, since I am very new to these kinds of problems?
First things first: report this to your webhost immediately! Secondly, change all of your relevant passwords!
That being done, there are a few possible causes:
Your parent webhost has been compromised, in which case there is nothing you can do except move to a better host.
Your website contains a vulnerability that is being picked-up by kiddies with their vuln-scanners. Be sure to audit your code to ensure that no user action can result in your website's filesystem being touched inappropriately; also check for SQL injection avenues.
Your website uses a widely-distributed application, such as WordPress, that has not been patched - this is a major problem.
Your own PC has been compromised and ne'er-do-wells have used a keylogger or other software to discover your FTP or SSH account details, and are abusing your website. Run a local scan and audit everything to ensure your bank account isn't being raided either.
This isn't a code-related problem. This isn't the place for your question.
But: It's likely that a program is running on your server and re-infecting the files. I'd recommend either taking it to a professional malware removal service, or (my preference) burning the server in a fire and allowing a new server to rise from the ashes. Then install an AV suite on the new server.
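
One way to see exactly which files keep changing, as an added example that is not from the original answers: hash the known-good copy you uploaded and the live tree, then report every difference. It assumes GNU `sha256sum` and paths without whitespace; the function names and the sample tree are constructed for illustration.

```sh
#!/bin/sh
# Added example: compare the live web root with your known-good original copy.

# Print "sha256  ./relative/path" for every file under $1.
manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + )
}

# Report how the live tree ($2) differs from the clean copy ($1).
compare_trees() {
    clean=$(mktemp) live=$(mktemp)
    manifest "$1" > "$clean"
    manifest "$2" > "$live"
    # The first file loads the expected hashes; the second is checked against them.
    awk '
        FILENAME == ARGV[1] { want[$2] = $1; next }
        !($2 in want)       { print "ADDED", $2; next }
        want[$2] != $1      { print "MODIFIED", $2 }
                            { seen[$2] = 1 }
        END { for (p in want) if (!(p in seen)) print "MISSING", p }
    ' "$clean" "$live" | sort
    rm -f "$clean" "$live"
}

# Constructed sample: one file altered, one deleted, one extra file dropped.
make_sample() {
    base=$(mktemp -d)
    mkdir -p "$base/clean/js" "$base/live/js" "$base/live/img"
    printf '%s\n' '<?php echo "home";' > "$base/clean/index.php"
    printf '%s\n' 'console.log(1);'    > "$base/clean/js/app.js"
    printf '%s\n' 'body{}'             > "$base/clean/style.css"
    printf '%s\n' '<?php echo "home"; /* injected */' > "$base/live/index.php"
    cp "$base/clean/js/app.js" "$base/live/js/app.js"
    printf '%s\n' '<?php /* dropped */' > "$base/live/img/x.php"
    echo "$base"
}

s=$(make_sample)
compare_trees "$s/clean" "$s/live"
rm -rf "$s"
```

Running the comparison at intervals after restoring the originals narrows down when the files change again, which gives a time window to match against the FTP, web server and cron logs.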

Pagespeed still works on a new server even though it shouldn't [closed]

Closed 8 years ago.
I had mod_pagespeed installed on my previous server. I didn't use it and disallowed via .htaccess because after some testing it turned out that it actually slowed down my site. So it remained "disallowed" via .htaccess for a long time.
Today I moved to a new server and migrated user accounts using cPanel VHM migration feature. Supposedly it migrates only accounts and not configuration, but I have many problems now and I suspect this is primarily due to pagespeed. It's not installed on the new server because I don't need it, but somehow various logs and console messages show that pagespeed versions of files are still requested from time to time, like the following "d14dafe2dc85d5ff8142236c3f55e0d4.pagespeed.jm.ReWsy_33cT.js", which causes random 404 errors and even 500 internal server errors.
How can it request pagespeed versions if pagespeed isn't installed? How is it possible? Can anyone explain, please?
OK, fixed it. It was a DNS problem: data was being loaded from both servers. That is, I had to wait for DNS propagation to finish.
