RE: Security Issue

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



There should be some clues in your httpd logs if it is coming in on the
http request. Otherwise, you need to beef up the input sanitization all
across the board. Some of that might be caught by verifying the users
all have current versions of their applications in place.

Bob McConnell

-----Original Message-----
From: Igor Escobar [mailto:titiolinkin@xxxxxxxxx] 
Sent: Monday, June 07, 2010 9:21 AM
To: Phpster
Cc: <php-general@xxxxxxxxxxxxx>
Subject: Re:  Security Issue

I do not believe he is doing so through forms but PHP Injection. We have
already met one of the files that he used to make the concatenation of
the
cache files. Need to know if there is a tool, anything, that we can
install
on the server and identify the hacker more easily because the manual
labor
is not giving much result.

Thanks for all support!

Regards,
Igor Escobar
Systems Analyst & Interface Designer

+ http://blog.igorescobar.com
+ http://www.igorescobar.com
+ @igorescobar (twitter)





On Mon, Jun 7, 2010 at 10:08 AM, Phpster <phpster@xxxxxxxxx> wrote:

>
> On Jun 7, 2010, at 8:54 AM, Igor Escobar <titiolinkin@xxxxxxxxx>
wrote:
>
>  Hi Folks!
>>
>> The portal for which I work is suffering constant attacks that I feel
that
>> is PHP Injection. Somehow the hacker is getting to change the cache
files
>> that our system generates. Concatenating the HTML file with another
that
>> have an iframe to a malicious JAR file. Do you have any suggestions
to
>> prevent this action? The hacker has no access to our file system, he
is
>> imputing the code through some security hole. The problem is that the
>> portal
>> is very big and has lots and lots partners hosted on our estructure
>> structure. We are failing to identify the focus of this attacks.
>>
>> Any ideas?
>>
>>
>> Regards,
>> Igor Escobar
>> Systems Analyst & Interface Designer
>>
>> + http://blog.igorescobar.com
>> + http://www.igorescobar.com
>> + @igorescobar (twitter)
>>
>
> Can you implement a simple form dump process that would catch the form
name
> an the data being entered and save that? That would allow you to at
least
> see what script has the hole as you trap it.
>
> Bastien
>
> Sent from my iPod
>
>

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux