On 10/03/2014 08:07 AM, Jim Giner wrote:
> On 10/3/2014 11:04 AM, Richard wrote:
>>
>>
>> There are a range of potential vectors, potentially including your
>> php code, so I would suggest looking at the server (both the web
>> server and system-level) logs to see if you can identify the
>> source/manner.
>>
>> - Richard
>>
>>
> I have no files with passwords stored in the web accessible tree.
> Also, I have no idea what to look for in any logs.
>

Jim,

Richard was talking about when you log into FTP, the credentials are passed from your PC to the server in plain text, unless you use one of the protocols he mentioned.

As for searching for the vector of attack, you would use the file name, directory, timestamp, owner name of the file or folder, etc... to search your logs. The logs we are referring to are typically found in the /var/log/* location. If you don't have access to that, you might want to talk with your hosting provider.

What version of PHP does this box use?

What type of web service does it use? Apache, Lighttpd, etc...

--
Jim Lucas

http://www.cmsws.com/
http://www.cmsws.com/examples/
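The log search described in the message above, as an added example that is not part of the original e-mail: it pulls out access-log entries that either name an unexpected file or fall within a few minutes of that file's modification time. The common/combined access-log layout, the file name `thumb.php`, the sample lines and the timestamp are all constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Common/combined access-log layout (assumed; the thread does not say which server is in use).
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample lines: documentation-range IPs, made-up paths.
SAMPLE_LOG = """\
198.51.100.7 - - [02/Oct/2014:23:58:10 -0400] "GET /index.php HTTP/1.1" 200 5120
203.0.113.9 - - [03/Oct/2014:02:14:31 -0400] "POST /upload.php HTTP/1.1" 200 312
203.0.113.9 - - [03/Oct/2014:02:14:40 -0400] "GET /images/thumb.php HTTP/1.1" 200 48
198.51.100.7 - - [03/Oct/2014:09:30:00 -0400] "GET /about.php HTTP/1.1" 200 2048
203.0.113.9 - - [03/Oct/2014:11:02:05 -0400] "GET /images/thumb.php?c=1 HTTP/1.1" 200 97
not a log line
"""
# Constructed mtime of the unexpected file (on a real box: os.stat(path).st_mtime).
SAMPLE_MTIME = datetime.strptime("03/Oct/2014:02:14:33 -0400", TS_FORMAT)


def find_related(log_text, file_name, file_mtime, window=timedelta(minutes=5)):
    """Return entries that name the file or fall within `window` of its mtime."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing
        when = datetime.strptime(m["ts"], TS_FORMAT)
        names_file = file_name in m["path"]
        near_mtime = abs(when - file_mtime) <= window
        if names_file or near_mtime:
            reason = "name" if names_file else "time"
            hits.append((when, m["ip"], m["method"], m["path"], m["status"], reason))
    return hits


if __name__ == "__main__":
    for hit in find_related(SAMPLE_LOG, "thumb.php", SAMPLE_MTIME):
        print(*hit)
```

Entries matched by time rather than by name are the ones to read first: a request that lands just before the file's modification time is a candidate for how the file got there, and its client address can then be searched across the other logs under /var/log.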