Re: Security Issue

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On Jun 7, 2010, at 8:54 AM, Igor Escobar <titiolinkin@xxxxxxxxx> wrote:

Hi Folks!

The portal for which I work is suffering constant attacks that I feel that is PHP Injection. Somehow the hacker is getting to change the cache files that our system generates. Concatenating the HTML file with another that
have an iframe to a malicious JAR file. Do you have any suggestions to
prevent this action? The hacker has no access to our file system, he is imputing the code through some security hole. The problem is that the portal
is very big and has lots and lots partners hosted on our estructure
structure. We are failing to identify the focus of this attacks.

Any ideas?


Regards,
Igor Escobar
Systems Analyst & Interface Designer

+ http://blog.igorescobar.com
+ http://www.igorescobar.com
+ @igorescobar (twitter)

Can you implement a simple form dump process that would catch the form name an the data being entered and save that? That would allow you to at least see what script has the hole as you trap it.

Bastien

Sent from my iPod


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux