Code Igniter PHP injection vulnerabilities ? |
[eluser]Unknown[/eluser]
Hello, I have done a simple CodeIgniter site and it keep being hacked. Someone is deleting and/or replacing my index.php Do you think this vulnerability is caused by a hole in my PHP or simply because of my server configuration ? (I do not have any input forms on my site therefore the attacker can only make use of an URL/URI attack) I have my application and system folders on the root of my site since I do not have FTP access above (my hosting service doesn't allow it), but as the CI manual recommends I changed their names. Is the recent CodeIgniter known to be still vulnerable to some of the following ? http://exploitsdownload.com/search/codeigniter/ I don't know what to do. Does anybody have any idea in which direction should I be looking to solve this issue ??? I also have an .htacces, could that be the cause ? <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / #Removes access to the system folder by users. #Additionally this will allow you to create a System.php controller, #previously this would not have been possible. #'system' can be replaced if you have renamed your system folder. RewriteCond %{REQUEST_URI} ^my_system_encrypted_name.* RewriteRule ^(.*)$ /index.php?/$1 [L] #When your application folder isn't in the system folder #This snippet prevents user access to the application folder #Rename 'application' to your applications folder name. RewriteCond %{REQUEST_URI} ^my_application_encrypted_name.* RewriteRule ^(.*)$ /index.php?/$1 [L] #Checks to see if the user is attempting to access a valid file, #such as an image or css document, if this isn't true it sends the #request to index.php RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)$ index.php?/$1 [L] </IfModule> <IfModule !mod_rewrite.c> # If we don't have mod_rewrite installed, all 404's # can be sent to index.php, and everything works as normal. # Submitted by: ElliotHaughin ErrorDocument 404 /index.php </IfModule> <IfModule mod_deflate.c> #AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css application/x-javascript BrowserMatch ^Mozilla/4 gzip-only-text/html BrowserMatch ^Mozilla/4\.0[678] no-gzip BrowserMatch \bMSIE !no-gzip !gzip-only-text/html </IfModule>
[eluser]Unknown[/eluser]
I think I am going to render all of my pages to simple plain HTML and see if the attack still occurs so that I can eliminate the hypothesis that there is something wrong with my PHP. |
Welcome Guest, Not a member yet? Register Sign In |