duanfa0072 2011-12-24 12:54
浏览 31

由PHP黑客改变的配置文件,没有任何条目[关闭]

Well i have a script (It's secure for what i know. e.g. No direct file access using die()). Coded in PHP. But hackers would access the "conf.php" file and change its contents. But not all.

Normal File:

<?php
   /*
    * Some license
    */
     $conf['mysql_host'] = 'localhost';
     //some other details
?>

After hackers changed it:

Hi, we luve uhhhh<?php
 /*
  * Some license
  */
   $conf['mysql_host'] = 'locahost'];
   //Some other details
?>

Any solution? Please help. Oh and i did clean variables to prevent any XXS and SQL-injection attacks.

  • 写回答

2条回答 默认 最新

  • doutan5844 2011-12-24 12:59
    关注

    First of all, make a backup of the machine in the compromised state and restore it to a known good configuration. In most cases, this means a reinstallation. Unfortunately, there is no other feasible way to clean all the backdoors the attacker may have left in your system.

    You may also want to disconnect the machine temporarily. Since it has been hacked, it is probably used for illegal activities, and you may have a legal duty to suspend these asap.

    Then, analyze your code to find the vulnerability. An XSS or SQL injection should not allow an attacker to insert php code. After you have closed the vulnerability (and have audited the code for other, or at least similar vulnerabilities), you can reinstall your php scripts and reconnect the machine to the internet.

    评论

报告相同问题?

悬赏问题

  • ¥15 基于卷积神经网络的声纹识别
  • ¥15 Python中的request,如何使用ssr节点,通过代理requests网页。本人在泰国,需要用大陆ip才能玩网页游戏,合法合规。
  • ¥100 为什么这个恒流源电路不能恒流?
  • ¥15 有偿求跨组件数据流路径图
  • ¥15 写一个方法checkPerson,入参实体类Person,出参布尔值
  • ¥15 我想咨询一下路面纹理三维点云数据处理的一些问题,上传的坐标文件里是怎么对无序点进行编号的,以及xy坐标在处理的时候是进行整体模型分片处理的吗
  • ¥15 CSAPPattacklab
  • ¥15 一直显示正在等待HID—ISP
  • ¥15 Python turtle 画图
  • ¥15 stm32开发clion时遇到的编译问题