Re: hacked!!

On 10/3/2014 2:10 PM, Richard wrote:


------------ Original Message ------------
Date: Friday, October 03, 2014 13:52:54 -0400
From: Jim Giner <jim.giner@xxxxxxxxxxxxxxxxxx>
To: php-general@xxxxxxxxxxxxx
Cc:
Subject: Re:  hacked!!

On 10/3/2014 1:31 PM, Richard wrote:

As a note, in this day and age, I strongly recommend against
shared hosting. There was a time when it was cost-effective, but
at this point in time, virtual hosting is a much better approach.
With virtual hosting you are rather more protected from others on
the same hardware and often have access to the logs, so can see
what's going on.


     - Richard



What is virtual hosting?

PS - I looked at a log but all that is there is references to
every access to every file in my domain.  GET/POST/....  IPs,
files, paths, blah blah blah.

What is one supposed to glean from this?

Try doing a Google search for shared vs. virtual hosting -- that
should return a number of pointers you can follow.

When looking at logs it helps greatly to have the timeframe narrowed
down as tightly as possible -- so that's generally the first task.
Then, in web server logs, look for things that are out of the norm
-- e.g., a POST that has an odd name (or the names of the files in
question), or GETs that have QUERY_STRING values. Note, if you don't
properly sanitize the input (QUERY_STRING) that you're pulling from
a GET or POST, that can potentially be used as a path for doing fun
things on a site.

You should also be looking at the server security-oriented logs. In
a shared-hosting environment you likely don't have access to them,
but once you've narrowed down the likely timeframe you can talk with
your hosting provider and have them look.


     - Richard


What is any log going to tell us? Only if it tells me exactly how they got to my site will it be worthwhile. I really don't care who did it - I just care how. That's not going to be in a log, is it?

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
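
The log review described in the quoted reply above (narrow the timeframe, then look for POSTs to odd file names and GETs carrying a QUERY_STRING), as an added example that is not part of the original thread. It assumes Apache "combined" format; the sample lines, the time window, and the allow-list of scripts that legitimately accept POST are all constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample in Apache "combined" log format (not taken from the thread).
SAMPLE_LOG = """\
198.51.100.7 - - [02/Oct/2014:23:58:01 -0400] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [03/Oct/2014:02:14:10 -0400] "GET /gallery.php?page=..%2F..%2Fconfig HTTP/1.1" 200 812 "-" "curl/7.30"
203.0.113.9 - - [03/Oct/2014:02:15:42 -0400] "POST /uploads/x1.php HTTP/1.1" 200 44 "-" "curl/7.30"
198.51.100.7 - - [03/Oct/2014:02:20:00 -0400] "POST /contact.php HTTP/1.1" 200 300 "-" "Mozilla/5.0"
this line is truncated or corrupt
198.51.100.23 - - [03/Oct/2014:09:00:00 -0400] "GET /search.php?q=shoes HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) ')
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

def parse_ts(text):
    return datetime.strptime(text, TS_FORMAT)

def triage(log_text, start, end, known_post_paths):
    """Return (findings, unparsed) for requests between start and end."""
    findings, unparsed = [], []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            unparsed.append(line)   # keep for manual review, never drop silently
            continue
        ts = parse_ts(m["ts"])
        if not (start <= ts <= end):
            continue
        path, _, query = m["target"].partition("?")
        if m["method"] == "POST" and path not in known_post_paths:
            findings.append((m["ts"], m["ip"], m["status"], "POST to unexpected path", m["target"]))
        elif m["method"] == "GET" and query:
            findings.append((m["ts"], m["ip"], m["status"], "GET with query string", m["target"]))
    return findings, unparsed

if __name__ == "__main__":
    # Constructed window and allow-list of scripts that legitimately accept POST.
    hits, bad = triage(SAMPLE_LOG, parse_ts("03/Oct/2014:02:00:00 -0400"),
                       parse_ts("03/Oct/2014:03:00:00 -0400"), {"/contact.php"})
    for hit in hits:
        print(*hit, sep="  ")
    print(f"{len(bad)} unparsed line(s)")
```

The flagged entries are leads to read in context, not proof of compromise; a 200 status on a POST to a script you never deployed is the kind of line worth taking to the hosting provider along with its timestamp.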




