CodeIgniter Forums

Full Version: Is my site being attacked?
Hello all,
    Today, I cannot access my site. I asked the host provider to check the server. They said that it seems my site is being attacked and asked me to check the configuration of my site.

I'm using CodeIgniter 3.0. My site has been working since last year with no problem. However, today I checked on the host and a lot of files had been generated; I don't know why (please see the attached images).
It seems that my site is being attacked by someone.

I don't have much experience with CodeIgniter. Is there any code that generated these files? How can I prevent this? (I'm using the DEFAULT CONFIGURATION of CodeIgniter 3.0.)

Could you help me please?

BIG thanks for your help!

Regards,
Tuan
It is called a session.
You save the session in the folder; change the config.

http://www.codeigniter.com/user_guide/li...les-driver
I'd like to say BIG THANKS, Paradinight. Let me try to check my config following your guide now!
Hi guys,
I tried to follow the guide and searched on Google, but my website still fails.

Following the guide about ci_session, I changed my config.php to
{
$config['sess_driver'] = 'files';
$config['sess_cookie_name'] = 'ci_session';
$config['sess_expiration'] = 7200;
//$config['sess_save_path'] = NULL; --> default config of CI
$config['sess_save_path'] = 'ci_sessions'; // --> change to this
$config['sess_match_ip'] = FALSE;
$config['sess_time_to_update'] = 300;
$config['sess_regenerate_destroy'] = FALSE;
}

If I change it like this, I can access my website (http://hotfashion.vn), but I cannot buy a product (go to a product detail -> click the "MUA NGAY" button).

When I click the MUA NGAY button, the product is added to the cart (CodeIgniter lib) successfully, but I can NOT redirect to the controller (I used redirect('giohang/'); "giohang" is a controller, "add" is a method of "giohang"). I also tried to redirect to Google for testing [ $testDirection = "http://www.google.com"; header("Location:$testDirection"); ]
or to use the exact URL [redirect('http://www.hotfashion.vn/index.php/giohang');]
==> It also can NOT redirect.
ONE MORE THING: THIS CONFIG WORKS ON LOCALHOST, BUT DOES NOT WORK ON THE LIVE SERVER

In the past, "redirect('giohang');" worked well (with config [$config['sess_save_path'] = NULL; ]). I don't use ci_session.

However, now, if I use [$config['sess_save_path'] = NULL; ] ==> I can NOT access my website ==> it's a blank page without any information.


2. One more thing: why, when I change to [$config['sess_save_path'] = 'ci_sessions'; ], are a lot of "ci_sessionxxxxxxx" files generated in the folder "wwww/ci_sessions"?
I'm sure that these files were generated automatically or by an attack from a hacker (because my website had very few visitors before this accident).

What is wrong with my config? (This config worked well before, without ci_sessions.)
How can I prevent these ci_sessionxxxx files from being generated automatically?

Please see my codes as links:
.htaccess https://drive.google.com/open?id=0B7yfHl...jFhWE5Demc
Config.php https://drive.google.com/open?id=0B7yfHl...lpuUDAxazA
Giohang.php https://drive.google.com/open?id=0B7yfHl...DVaVTNVZnc

Thanks a lot for your help!
You can't send any content before the headers are sent. In your giohang/add method you use echo(), print_r(), ... so they will prevent redirect() from working.
About $config['sess_save_path'] the manual said:
Code:
'sess_save_path'
|
| The location to save sessions to, driver dependant.
|
| For the 'files' driver, it's a path to a writable directory.
| WARNING: Only absolute paths are supported!
Looks like you have changed your session directory to your public_html
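
Added example, not part of the thread and not CodeIgniter's own code: a check for the point raised in the two posts above, that the 'files' driver needs an absolute, writable sess_save_path and that the directory should not sit under public_html. audit_sess_save_path() and count_session_files() are hypothetical helpers, and the /home/example paths are constructed placeholders.

```php
<?php
// Added example: helper names and the /home/example paths are hypothetical.

function audit_sess_save_path($path, $docroot)
{
    // With sess_save_path = NULL, CI3 falls back to PHP's session.save_path.
    $path = ($path === null) ? (string) ini_get('session.save_path') : (string) $path;
    $problems = array();
    // The manual: only absolute paths are supported for the 'files' driver.
    if (!preg_match('#^(/|[A-Za-z]:[\\\\/])#', $path)) {
        $problems[] = 'not an absolute path';
    }
    $real = realpath($path);
    if ($real === false || !is_dir($real)) {
        $problems[] = 'directory does not exist';
        return $problems;
    }
    if (!is_writable($real)) {
        $problems[] = 'not writable by the PHP user';
    }
    // Session files under the web root may be served to anyone who requests them.
    $root = realpath($docroot);
    if ($root !== false && strpos($real . DIRECTORY_SEPARATOR, $root . DIRECTORY_SEPARATOR) === 0) {
        $problems[] = 'inside the web root';
    }
    if ((fileperms($real) & 0077) !== 0) {
        $problems[] = 'accessible to group/others (expected mode 0700)';
    }
    return $problems;
}

// Count files named <sess_cookie_name><id> and those older than sess_expiration.
function count_session_files($dir, $cookie_name, $expiration)
{
    $files = glob(rtrim($dir, '/\\') . DIRECTORY_SEPARATOR . $cookie_name . '*') ?: array();
    $stale = count(array_filter($files, function ($f) use ($expiration) {
        return time() - filemtime($f) > $expiration;
    }));
    return array('total' => count($files), 'stale' => $stale);
}

// Constructed demonstration values; replace with the real paths.
$docroot = '/home/example/public_html';
foreach (array('ci_sessions', $docroot . '/ci_sessions', '/home/example/ci_sessions') as $candidate) {
    $problems = audit_sess_save_path($candidate, $docroot);
    echo $candidate, ': ', $problems ? implode('; ', $problems) : 'ok', PHP_EOL;
}
print_r(count_session_files('/home/example/ci_sessions', 'ci_session', 7200));
```

Every request that arrives without a valid session cookie starts a new session file, so on a low-traffic site a large total with few stale files points at clients that never send the cookie back.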
(07-12-2016, 08:09 PM)pdthinh Wrote: [ -> ]You can't send any content before the headers are sent. In your giohang/add method you use echo(), print_r(), ... so they will prevent redirect() from working.
About $config['sess_save_path'] the manual said:
Code:
'sess_save_path'
|
| The location to save sessions to, driver dependant.
|
| For the 'files' driver, it's a path to a writable directory.
| WARNING: Only absolute paths are supported!

Thanks so much, pdthinh.
I removed all "echo, print, print_r"; now redirect() works well.

However, I have a concern. In the past, I used the default config ($config['sess_save_path'] = NULL;) --> my site worked well, but NOW I use the same default config and it does NOT work (blank page).

That is the reason I had to use "$config['sess_save_path'] = 'ci_sessions';" --> I had a problem with direction() (the cause was that "echo, print, print_r" were executed before redirect()).

Thanks so much again, pdthinh!
(07-12-2016, 10:19 PM)marksman Wrote: [ -> ]Looks like you have changed your session directory to your public_html

Hi marksman,
    Actually, I don't have much experience with CI.
I read Paradinight's link above and researched on Google. They suggest I configure "$config['sess_save_path'] = 'ci_sessions'; "

My website is very simple: it just shows product details and allows the user to buy ("MUA NGAY") a product, so I don't need to store users' sessions. But the site is a BLANK PAGE if I use the default config "$config['sess_save_path'] = NULL;". I don't know the reason, although it worked well in the past.

NOW, when I set "$config['sess_save_path'] = 'ci_sessions'; " ==> a "ci_sessions" folder was created in the public_html folder (public_html/ci_sessions).
A lot of ci_sessionxxxxxxxxx files were generated in the "ci_sessions" folder. I don't know why the session is called too many times and generates too many files, as in the attachment link (my website does NOT have a lot of users).

ci_session_file link : https://drive.google.com/open?id=0B7yfHl...k45N29fT2s

HOW CAN I STOP GENERATING these files? Is there any default trigger that calls and automatically generates these ci_sessionxxxxx files?

THANKS A LOT!
Hi

If you still need sessions, you can change your session config to the database type (use a database table, not files like that), and to stop the session driver entirely, you can remove the loading of the session driver in 'config/autoload.php' or in your controller (if you load the driver there).

RankeUP
(07-13-2016, 01:02 AM)TuanTa Wrote: [ -> ]
(07-12-2016, 10:19 PM)marksman Wrote: [ -> ]Looks like you have changed your session directory to your public_html

Hi marksman,
    Actually, I don't have much experience with CI.
I read Paradinight's link above and researched on Google. They suggest I configure "$config['sess_save_path'] = 'ci_sessions'; "

My website is very simple: it just shows product details and allows the user to buy ("MUA NGAY") a product, so I don't need to store users' sessions. But the site is a BLANK PAGE if I use the default config "$config['sess_save_path'] = NULL;". I don't know the reason, although it worked well in the past.

NOW, when I set "$config['sess_save_path'] = 'ci_sessions'; " ==> a "ci_sessions" folder was created in the public_html folder (public_html/ci_sessions).
A lot of ci_sessionxxxxxxxxx files were generated in the "ci_sessions" folder. I don't know why the session is called too many times and generates too many files, as in the attachment link (my website does NOT have a lot of users).

ci_session_file link : https://drive.google.com/open?id=0B7yfHl...k45N29fT2s

HOW CAN I STOP GENERATING these files? Is there any default trigger that calls and automatically generates these ci_sessionxxxxx files?

THANKS A LOT!

A session is needed for a shopping cart app, and it is needed for initializing the shopping cart class.