Portal Home > Knowledgebase > Articles Database > Help with Hack using auto_prepend_file PHP function
Help with Hack using auto_prepend_file PHP function
|Posted by suhailc, 12-12-2011, 04:59 PM|
We've had one of our servers hacked on the weekend. It was running an outdated version of Wordpress which enabled the hacker to upload a malicious file.
They then managed to add the following line to the .htaccess file:
This resulted in them executing the "bo.php" file which gave them access to the website files. The server was not compromised.
Now this website was running PHP in DSO mode with only mod_security, but another attempt was made on the same website after it was moved to another server running SuPHP, Suhosin, mod_security.
This time the hack didn't work because php directives cannot be run from .htaccess under SuPHP, but does anyone know how they were able to add the following line to the .htaccess file as well as upload the core.php which contained the hack code?
The site was running as html files with max file perms of 644 and dir perms of 755. No outdated Wordpress or Joomla installed.
Any useful help/advice would be most appreciated.
|Posted by silasistefan, 12-13-2011, 09:01 AM|
|did you check the access/error log? it should give you an idea where is the issue and how did the attacker modified the .htaccess...
if you're not a technical person, maybe you should hire a sysadmin to look further into the issue...
Add to Favourites Print this Article
Firewall (Views: 323)