------------ Original Message ------------
> Date: Friday, October 03, 2014 11:07:52 -0400
> From: Jim Giner <jim.giner@xxxxxxxxxxxxxxxxxx>
> To: php-general@xxxxxxxxxxxxx
> Subject: Re: hacked!!
>
> On 10/3/2014 11:04 AM, Richard wrote:
>>
>>
>> There are a range of potential vectors, potentially including your
>> php code, so I would suggest looking at the server (both the web
>> server and system-level) logs to see if you can identify the
>> source/manner.
>>
>> - Richard
>>
>>
> I have no files with passwords stored in the web accessible tree.
> Also, I have no idea what to look for in any logs.
The simple act of ftp-ing into a host, as you imply you do, (with
the default, insecure ftp setup) can expose your credentials.
> Does this mean someone figured out my site password
When looking at logs, start by looking for actions that took place
around the time(s) that the files were placed on your system. As
there's no guarantee that the file timestamps are accurate, look at
the directory timestamps too (assuming you haven't touched things
there of late). In web server logs look for actions that are
"unusual" (not simple file retrieval, or whatever is standard on
your site). In system logs (which you may not have access too), look
for ftp logins that come from non-standard locations.
This is shared, not virtual, hosting - correct? With shared hosting
there can be higher-level issues if the overall hosting isn't
secured properly.
- Richard
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
