One of my website was hacked, exploited or whatever… recently. I thank that gentle hacker who just placed some files at my server and he was just checking log files and did not damage any file or database. I really thank him.
Well! I was using wordpress and I am with one of the best Web Hosting Servers available. Yes The BlueHost. They informed me that my website has been exploited and they stopped all services of my server till I approached them and asked for their help and they assisted me and we tracked the devil scripts and got rid of those.
– One file was about stealing Credit Card Information and then mailing script.
– Other file was including my errors log file to see doors for exploits.
Ohhh and one whole dangerous script which was meant for educational purposes as it was said in its headers but this guy was using it against website.
This script was for following purposes:
– Sql Injection Scanner
– Remote File Inclusion Scanner
– Local File Inclusion Scanner
– Remote Code Execution Scanner
– Mass Scan
– Integrated Shell, so you can execute commands on the server
– Security Mode to protect “dangerous” functions
– Spread Mode, to activate or disable Spread Function
– Single Spread Mode, to spread on RFI vulnerable sites
– Bypass Engines ON
Of course after doing its tasks it mails all information to its owner.
– And a selective or mass mailer script.
These all scripts were causing problem in my server.
Server support told me that I did not care about security of my domains that why it happened.
I would recommend following security measures to all webmasters and PHP developers.
- Regularly check for original files in web account root directory and www directory
- Keep track of files in root and www and see if there are other unwanted files are there
- Regularly contact support and ask them about status of your website
- Regularly check error logs
- Keep register_globals off in php.ini
- Check for file and folder permissions
- Do not place test scripts like uploading file script in case you are checking scripts online and you keep those there
- If you place uploading script at your website, make sure it validates files before uploading at your server and stops malicious files from uploading
- Regularly check all services, status of server, file permissions, indexes and all other security options which web host offers to you
Also my server support guided me for maximizing security at my server in following ways:
- Set register_globals to OFF in php.ini
- Turn off Display Error/Warning Messages. Set error_display to ZERO
- Never run unescaped queries
- Validate all user inputs. Items on Forms, in URLs and so on
- Move config.php and files containing Passwords to MySQL to a secure directory outside of the public_html folder
- Change permissions on any configuration files containing private information such as database passwords or email accounts to 440 so they cannot be written to and so there is no world permissions. If you need to edit them at a later time you will need to change it back to 640
- Access Control: You don’t want the user to have access to any Admin function or Clean up scripts
- Use .htaccess file for more security rules
- Use mod rewrite
- Keep the PHP code to yourself
Further more following are the links which will guide you to the way of PHP security implementation.