------------ Original Message ------------ > Date: Friday, October 03, 2014 10:46:52 -0400 > From: Jim Giner <jim.giner@xxxxxxxxxxxxxxxxxx> > To: php-general@xxxxxxxxxxxxx > Subject: hacked!! > > My first time experiencing this. Suddenly Google has warned me > that my site is hacked and I have found a couple of files that > indeed did have some malicious code added to them. My question > here is: Does this mean someone figured out my site password in > order to gain ftp access? I am very careful of my passwords so > I'm shocked to see this happen. Any passwords stored in my files > are stored outside of the web-accessible tree so I am puzzled. > > Any advice appreciated. There are a range of potential vectors, potentially including your php code, so I would suggest looking at the server (both the web server and system-level) logs to see if you can identify the source/manner. Note, the default ftp setup passes credentials (and data) in the clear, so depending on where you use it it can be a source of a compromise. Using an encrypted file transfer protocol, e.g., sftp or scp, is recommended. - Richard -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
