PHP files get edited by spammers [on hold]

0 投票
最新提问 用户: (120 分)

Anti-spam conditions disappear from mailer PHP files while contact form is being simultaneously attacked by spammers.

This is the second time in a week this has happened. Lines of spam-preventing code just get removed from my PHP file (nothing gets added). I have contacted the server people but they said it's not their problem and something is wrong with PHP itself.

What are the best steps to take to make sure this doesn't happen? Are there any htaccess or ftp security settings I could make use of?

2 个回答

0 投票
最新回答 用户: (140 分)

Files don't just have lines randomly disappear.

Someone has access to your server files, either through some form of attack on your webserver (a vulnerability in your code), FTP/STFP/SSH access, or you have something in your code manually editing these files.

It may even be something as simple as you forgetting to save the files correctly, or an old version of the files getting replenished if you have some version management system.

Either way, I suggest changing passwords, increasing security, checking file permission, etc.

0 投票
最新回答 用户: (180 分)

It could be possible that you're simply overwriting your files with versions that don't have the tags in them. Double-check that your plugins and upload scripts don't have permission to overwrite these files without your permission.

If you are worried about your security though, the most common forms of injection of files is through image uploads and forums. Ensure that if you are using any database connections, that you use either MySQLi or PDO, and remember to use parameterised queries!

While you could make a few FTP or .htaccess rules, they aren't really going to stop any potential hackers. The best thing you can do is to make sure you don't have any security vulnerabilities that can be exploited.

If you're running WordPress, run your site through WPScans to make sure there are no vulnerable plugins that you're using (there's literally thousands of vulnerable plugins).

For further reading on security vulnerabilities and how to address them, I recommend checking out the OWASP Top 10 cheat sheet.

Hope this helps! :)

发表于 用户: (120 分)
Thank you! I'll double check everything, there is a CMS installed in a different directory, I have added a security plugin into it and scanned all files, will see if it solves the problem! Thank you for the cheat sheet, will give it a thorough read.
发表于 用户: (180 分)
No problem :) Keep in mind that there are a tonne of different methods for an attacker to upload a file, so if you have a breach, it may not even be limited to your PHP. CMSes are notorious for breaches, though plugins are also notorious for having scripts that auto-update individual components. In my opinion, it's probably a plugin at fault, but OWASP is always a good read :)
欢迎来到 Security Q&A ,有什么不懂的可以尽管在这里提问,你将会收到社区其他成员的回答。