Hey.

That is not a good php.ini configuration.

1. display_errors should be disabled in production as it may output path info to the browser.
2. register_globals should be disabled (default in php5) as it allows scripts to be polluted with tainted data.
3. I would also disable short_open_tags - not a security issue but more for portability as you cannot guarantee this setting will be enabled on another server.

On 30/04/06, scot <scotoc@xxxxxxxxxxx> wrote:
Hi there,

Not sure if this is proper place to post but here it goes. We got nailed by someone using c99shell today. They were able to upload and overwrite a bunch of index files. I am working on discovering how they were able to get it on our server.

Here's some basic info. I am by no means a php expert. Should things be different? Is there a good paper out there somewhere in regards to windows / iis5 / php security?

php 4.4.1
Safe Mode: OFF
Open basedir: none
Display Errors: ON
Short Open Tags: ON
File Uploads: ON
Magic Quotes: ON
Register Globals: ON
Output Buffering: OFF
Session save path: e:\PHP\sessiondata
Session auto start: 0
XML enabled: Yes
Zlib enabled: Yes
Disabled Functions: none

Here is also a snip of log (altered IPs and URL) of what I think is the hack of the site. (I could be wrong)

2006-04-29 23:47:46 x.x.x.x - x.x.x.x 80 GET /index.html - 200 0 958 105 172 HTTP/1.0 www.blah.com Wget/1.9.1 - -
2006-04-29 23:49:32 x.x.x.x - x.x.x.x 80 GET /index.html - 200 0 953 122 297 HTTP/1.1 www.blah.com libwww-perl/5.805 - -

Thanks,
Scot

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
-- http://www.web-buddha.co.uk dynamic web programming from Reigate, Surrey UK (php, mysql, xhtml, css) look out for project karma, our new venture, coming soon!
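
Added example, not part of the original thread or either poster's code: a small Python audit that reads php.ini text and reports the three directives the reply flags when they are enabled. It uses the real directive name short_open_tag; the compiled-in defaults for absent directives are an assumption taken from the PHP manual, and the sample ini text is constructed.

```python
# Directives the reply flags, all recommended Off. "default" is the compiled-in
# PHP 4.4 value used when php.ini does not set the directive (assumption from
# the PHP manual, not stated in the thread).
CHECKS = {
    "display_errors":   {"default": True,  "why": "errors can leak path info to the browser"},
    "register_globals": {"default": False, "why": "request data can pollute script variables"},
    "short_open_tag":   {"default": True,  "why": "portability: may be off on another server"},
}
TRUE_WORDS = {"1", "on", "true", "yes"}

def parse_ini(text):
    """Return {directive: raw value}; the last assignment wins, as in php.ini."""
    values = {}
    for line in text.splitlines():
        # ';' starts a comment. Quoted values containing ';' are not handled;
        # none of the audited directives need them.
        line = line.split(";", 1)[0].strip()
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, val = line.split("=", 1)
        values[key.strip().lower()] = val.strip().strip("\"'")
    return values

def is_on(raw):
    v = raw.lower()
    return v in TRUE_WORDS or (v.isdigit() and int(v) != 0)

def audit(text):
    """Return (directive, source, reason) for each flagged directive that is enabled."""
    ini = parse_ini(text)
    findings = []
    for name, check in CHECKS.items():
        if name in ini:
            enabled, source = is_on(ini[name]), "php.ini"
        else:
            enabled, source = check["default"], "default"
        if enabled:
            findings.append((name, source, check["why"]))
    return findings

# Constructed sample mirroring the settings quoted in the post.
SAMPLE = """[PHP]
display_errors = On      ; shown to every visitor
register_globals = On
; short_open_tag = Off   (commented out, so the default applies)
file_uploads = On
"""

if __name__ == "__main__":
    for name, source, why in audit(SAMPLE):
        print(f"{name}: enabled ({source}) - {why}")
```

A directive that is only commented out is reported with source "default", which is the case a quick visual read of php.ini tends to miss.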