CodeIgniter Forums
Is my site being attacked? - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Using CodeIgniter (https://forum.codeigniter.com/forum-5.html)
+--- Forum: General Help (https://forum.codeigniter.com/forum-24.html)
+--- Thread: Is my site being attacked? (/thread-65670.html)

Pages: 1 2


Is my site being attacked? - TuanTa - 07-10-2016

Hello all,
    Today, I cannot access my site. I asked The Host provider to check the server. They said that I seem that your site is being attacked & ask me to check configuration of my site. 

I'm using CodeIgniter 3.0, My site has being worked since last year, It's no problem. However, today, I checked on the host, a lot of files were generated, I don't know why (Please see attachment images)
It seems that my site is being attacked by some one.

I don't have much experience with CodeIgniter. Is there anycode that generated these files? How can I prevent this? (I'm using DEFAULTS CONFIGURATION of CodeIgniter3.0). 

Could you help me please?

BIG Thanks for your helper!

Regards,
Tuan


RE: Is my site being attacked? - Paradinight - 07-10-2016

It called session.
You save the session in the folder, change the config.

http://www.codeigniter.com/user_guide/libraries/sessions.html#files-driver


RE: Is my site being attacked? - TuanTa - 07-10-2016

I'd like to say BIG THANKS Paradinight, let I try to check my config as your guide now!


RE: Is my site being attacked? - TuanTa - 07-12-2016

Hi guy,
I try to work as guide & search from google, But My website is still failed.

As the guide about the ci_session, I changed my config.php to
{
$config['sess_driver'] = 'files';
$config['sess_cookie_name'] = 'ci_session';
$config['sess_expiration'] = 7200;
//$config['sess_save_path'] = NULL; --> default config of CI
$config['sess_save_path'] = 'ci_sessions'; --> change to this
$config['sess_match_ip'] = FALSE;
$config['sess_time_to_update'] = 300;
$config['sess_regenerate_destroy'] = FALSE;
}

If I changed as this, I can access my website (http://hotfashion.vn), but I can not buy product (Go to a product detail -> click "MUA NGAY" button)

When I click MUA NGAY button --> this product will be added into cart ( CodeIgniter lib) successed, but I can NOT redirect to controller ( I used redirect('giohang/') - "giohang" is a controller, "add" is a method of "giohang". ( I also try to redirect to google for testing [ $testDirection = "http://www.google.com"; header("Location:$testDirection");]
or use the exactly url [redirect('http://www.hotfashion.vn/index.php/giohang');]
==> It also can NOT redirect.
ONE MORE THING, THIS CONFIG CAN WORK ON LOCALHOST, BUT NOT WORK ON LIVE SERVER

In the past, "redirect('giohang');" worked well (with config [$config['sess_save_path'] = NULL; ]). I don't use ci_session.

However, now, If I use [$config['sess_save_path'] = NULL; ] ==> I can NOT access my website ==> It's a blank page without any information.


2. One more thing, why I change to [$config['sess_save_path'] = 'ci_sessions'; ], a lot of files "ci_sessionxxxxxxx" were generated into folder "wwww/ci_sessions".
I'm sure that these files were generated automatically or by attacking from hacker ( because my website's visitor is very little before this accident)

What is wrong with my config? ( although this config worked well before (without ci_sessions)
How can I prevent the automatically generated these ci_sessionxxxx files?

Please see my codes as links:
.htaccess https://drive.google.com/open?id=0B7yfHlb60b6KZVBnRjFhWE5Demc
Config.php https://drive.google.com/open?id=0B7yfHlb60b6KOE45SlpuUDAxazA
Giohang.php https://drive.google.com/open?id=0B7yfHlb60b6KS1g4NDVaVTNVZnc

Thanks a lot for your help!


RE: Is my site being attacked? - pdthinh - 07-12-2016

You can't send any content before header sent. In your giohang/add method you use echo(), print_r(), ... so they will prevent redirect() to work.
About $config['sess_save_path'] the manual said:
Code:
'sess_save_path'
|
| The location to save sessions to, driver dependant.
|
| For the 'files' driver, it's a path to a writable directory.
| WARNING: Only absolute paths are supported!



RE: Is my site being attacked? - marksman - 07-12-2016

Looks like you have changed your session directory to your public_html


RE: Is my site being attacked? - TuanTa - 07-13-2016

(07-12-2016, 08:09 PM)pdthinh Wrote: You can't send any content before header sent. In your giohang/add method you use echo(), print_r(), ... so they will prevent redirect() to work.
About $config['sess_save_path'] the manual said:
Code:
'sess_save_path'
|
| The location to save sessions to, driver dependant.
|
| For the 'files' driver, it's a path to a writable directory.
| WARNING: Only absolute paths are supported!

Thanks pdthinh so much. 
I removed all "echo, print, print_r", now redirect() can work well.

However, I have a concern. In the past, I used default config ($config['sess_save_path'] = NULLWink --> my site can work well, but NOW I use the same default config , It does NOT work (Blank page). 

That is the reason I must used "$config['sess_save_path'] = 'ci_sessions';" --> I had problem with direction() ( cause is "echo, print, print_r" was executed before redirect()

Thanks so much pdthinh again!


RE: Is my site being attacked? - TuanTa - 07-13-2016

(07-12-2016, 10:19 PM)marksman Wrote: Looks like you have changed your session directory to your public_html

Hi marksman,
    Actually, I don't have much experience on CI.
I read Paradinight  's link above & researched on Google. They suggest I configure "$config['sess_save_path'] = 'ci_sessions'; "

My website is very simple, just show product detail & allow user to buy ("MUA NGAY") product, so I don't need to store users's session. But the site is BLANK PAGE if I use default config "$config['sess_save_path'] = NULL;". I don't know the reason although It worked well in the past.

NOW, when I set "$config['sess_save_path'] = 'ci_sessions'; " ==> a "ci_sessions" folder were create in public_html folder (public_html/ci_sessions).
A lot of ci_sessionxxxxxxxxx were generated in "ci_sessions" folder. I don't know why the session is called to many times & generated too many files as the attachment link ( My website DO NOT have a lot of users).

ci_session_file link : https://drive.google.com/open?id=0B7yfHlb60b6KbUx3Sk45N29fT2s

HOW CAN I STOP GENERATING these files? Is there any default trigger that calls & generates automatically these ci_sessionxxxxx files?

THANKS A LOT!


RE: Is my site being attacked? - behrooz1x - 07-13-2016

Hi

If you still need session you can Change your session config to a database type(use database table not files like that), and for stopping session entirly driver, you can remove loading session driver in 'confing/autoload.php' or your controller(if load driver in that).

RankeUP


RE: Is my site being attacked? - pdthinh - 07-13-2016

(07-13-2016, 01:02 AM)TuanTa Wrote:
(07-12-2016, 10:19 PM)marksman Wrote: Looks like you have changed your session directory to your public_html

Hi marksman,
    Actually, I don't have much experience on CI.
I read Paradinight  's link above & researched on Google. They suggest I configure "$config['sess_save_path'] = 'ci_sessions'; "

My website is very simple, just show product detail & allow user to buy ("MUA NGAY") product, so I don't need to store users's session. But the site is BLANK PAGE if I use default config "$config['sess_save_path'] = NULL;". I don't know the reason although It worked well in the past.

NOW, when I set "$config['sess_save_path'] = 'ci_sessions'; " ==> a "ci_sessions" folder were create in public_html folder (public_html/ci_sessions).
A lot of ci_sessionxxxxxxxxx were generated in "ci_sessions" folder. I don't know why the session is called to many times & generated too many files as the attachment link ( My website DO NOT have a lot of users).

ci_session_file link : https://drive.google.com/open?id=0B7yfHlb60b6KbUx3Sk45N29fT2s

HOW CAN I STOP GENERATING these files? Is there any default trigger that calls & generates automatically these ci_sessionxxxxx files?

THANKS A LOT!

Session is needed for shopping cart app, and it is needed for initializing shopping cart class.