Re: hacked!!

------------ Original Message ------------
> Date: Friday, October 03, 2014 13:52:54 -0400
> From: Jim Giner <jim.giner@xxxxxxxxxxxxxxxxxx>
> To: php-general@xxxxxxxxxxxxx
> Cc: 
> Subject: Re:  hacked!!
>
> On 10/3/2014 1:31 PM, Richard wrote:
>> 
>> As a note, in this day and age, I strongly recommend against
>> shared hosting. There was a time when it was cost-effective, but
>> at this point in time, virtual hosting is a much better approach.
>> With virtual hosting you are rather more protected from others on
>> the same hardware and often have access to the logs, so can see
>> what's going on.
>> 
>> 
>>     - Richard
>> 
>> 
>> 
> What is virtual hosting?
> 
> PS - I looked at a log but all that is there is references to
> every access to every file in my domain.  GET/POST/....  ips,
> files, paths, blah blah blah.
> 
> What is one supposed to glean from this?

Try doing a Google search for shared vs. virtual hosting -- that
should return a number of pointers you can follow.

When looking at logs it helps greatly to have the timeframe narrowed
down as tightly as possible -- so that's generally the first task.
Then, in web server logs, look for things that are out of the norm
-- e.g., a POST that has an odd name (or the names of the files in
question), or GETs that have QUERY_STRING values. Note, if you don't
properly sanitize the input (QUERY_STRING) that you're pulling from
a GET or POST, that can potentially be used as a path for doing fun
things on a site.

You should also be looking at the server security-oriented logs. In
a shared-hosting environment you likely don't have access to them,
but once you've narrowed down the likely timeframe you can talk with
your hosting provider and have them look.


    - Richard



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
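
Added example, not part of the original message: a small Python triage pass over a web server access log that follows the order described in the reply above (narrow the timeframe first, then surface POSTs, GETs carrying a query string, and any hits on the files in question). The Apache common/combined log format, the function name `triage`, and every log line in `SAMPLE_LOG` are assumptions constructed for illustration.

```python
import re
from datetime import datetime
from urllib.parse import urlsplit

# Apache common/combined log format is assumed; adjust the regex for other servers.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = """\
203.0.113.5 - - [02/Oct/2014:09:15:01 -0400] "GET /index.php HTTP/1.1" 200 5120
198.51.100.7 - - [03/Oct/2014:02:10:44 -0400] "GET /gallery.php?page=abc123 HTTP/1.1" 200 812
198.51.100.7 - - [03/Oct/2014:02:11:02 -0400] "POST /images/x7f3.php HTTP/1.1" 200 45
203.0.113.9 - - [03/Oct/2014:02:12:30 -0400] "GET /style.css HTTP/1.1" 200 900
203.0.113.9 - - [03/Oct/2014:02:13:00 -0400] "GET /images/x7f3.php HTTP/1.1" 200 45
this line is malformed and must be skipped
203.0.113.5 - - [04/Oct/2014:10:00:00 -0400] "POST /contact.php HTTP/1.1" 200 300
"""

def triage(log_text, start, end, files_in_question=()):
    """Return (timestamp, ip, reason, target) for out-of-the-norm requests in [start, end]."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ts = datetime.strptime(m["ts"], TS_FORMAT)
        if not (start <= ts <= end):
            continue  # narrow the timeframe before looking at anything else
        url = urlsplit(m["target"])
        if url.path in files_in_question:
            reason = "file in question"
        elif m["method"] == "POST":
            reason = "POST"
        elif url.query:
            reason = "query string"
        else:
            continue  # plain GET with no query string: treated as normal traffic
        findings.append((ts.isoformat(), m["ip"], reason, m["target"]))
    return findings

if __name__ == "__main__":
    window = (datetime.strptime("03/Oct/2014:00:00:00 -0400", TS_FORMAT),
              datetime.strptime("03/Oct/2014:06:00:00 -0400", TS_FORMAT))
    for row in triage(SAMPLE_LOG, *window, files_in_question={"/images/x7f3.php"}):
        print(*row, sep="  ")
```

The client IPs and timestamps in the output are what you would hand to a hosting provider when asking them to check the server's security-oriented logs for the same window.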




