------------ Original Message ------------
> Date: Tuesday, October 07, 2014 14:07:01 +0000
> From: Richard <replies-lists-e7x6-php@xxxxxxxxxxxxxxxxxxxxx>
> To: php-general@xxxxxxxxxxxxx
> Subject: Re: Re: hacked!!
>
>> It is not strictly necessary to contact the hosting provider to
>> get this information. Besides using
>> posix_getpwuid(posix_geteuid()) (which may be available or not),
>> the following technique should work everywhere:
>>
>> * upload a dummy file via FTP and check the owner (the FTP client
>> should list this information)
>>
>> * create a dummy file with PHP and check the owner
>>
>> --
>> Christoph M. Becker
>
>
> Actually, the output of the phpinfo() function should show the user
> and group that the server is running as. If the "user" is the same
> as the login id that is being used to place files on the site, then
> fully securing the site against hacking is tricky. If it's only the
> "group" (or neither), then careful permissions control should have
> a positive effect.
>
> - Richard
>
Have you used the phpinfo() function to determine the user/group
that the web server is running as? Also, have you changed from using
ftp to sftp or scp?
Having 30 files touched (as you indicated in a separate thread)
implies a systemic issue and/or fairly freewheeling access.
- Richard
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
