------------ Original Message ------------ > Date: Friday, October 03, 2014 13:22:19 -0700 > From: ellis@xxxxxxxxxxx > Subject: Re: Re: hacked!! > >> He's on shared hosting, so only some of these are options for him. >> However, this does raise the issue that he should review all >> directories/files (not forgetting to look for hidden >> directories/files) that he controls on his site (including those >> outside the web server tree) to make certain that nothing else has >> been added/altered. Doing a full restore from a clean (before >> known incident data) backup is generally the advised approach. > > The big thing he needs to do is make sure the document tree is > *NOT* wriable by the web server. Way too many packages have > instuctions that say to chmod directories to 777 and that's how > these hacks happen. > Yes, this is a common problem. The directories/files in the document tree should *never* be owned or writable by the user that is running the web server software. [in those special cases where it needs to be writable by the server, very special care needs to be taken to secure things.] - Richard -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
