Codeigniter hacked? |
[eluser]Martin Penev[/eluser]
Hi guys, Yesterday, a friend of mine told me, that the website for Starmountain snowboard community (www.starmountain.ch) has been hacked by a company. After kooking in to this, I've discovered, that someone or something has put additional code after the codeigniter code within the index.php. At first, I couldn't believe it, but it's true, somehow there was a javascript code. For Security reason, I just put in the code within the script-tags. Code: <!-- First I thought that was a break because i didn't valid and unxss all data, but every form field passed to the validation is being validated. How is it possible to write into a server-side script without any indication or usage of filewrite-code? Has anybody ever encountered something like this or has an answer? Greetings Martin
[eluser]GSV Sleeper Service[/eluser]
are they on a shared host? the host could be using an old version of cpanel.
[eluser]Martin Penev[/eluser]
shared host? yes, but it's not cPanel, i mean the official cPanel. It's more like a customized, perhabs self-programmed one. Any theories about the hack problem?
[eluser]johnwbaxter[/eluser]
Without having access to server access logs it would be difficult to tell how this has happened. Also, if there is not info on the file having changed it may lean towards a server breach and someone having changed the user on the file and the time it was modified. Also which version of CI is it on? I seem to remember there being a security vulnerability with an earlier version.
[eluser]xwero[/eluser]
What do you mean by Quote:How is it possible to write into a server-side script without any indication or usage of filewrite-code?Are you saying the modification time of the file isn't changed since the last time you uploaded the index file? I'm not much of a hacker but that would be hard to do i think? The problem could be the security measures of the server, too little restrictions uploading files or someone could have intercepted the ftp login for the site.
[eluser]johnwbaxter[/eluser]
I think it is possible to change the modified time of a file if you have enough access to the server. It seems like a lot of trouble to go to but it is possible i think.
[eluser]Martin Penev[/eluser]
[quote author="audiopleb" date="1213904921"]Without having access to server access logs it would be difficult to tell how this has happened. Also, if there is not info on the file having changed it may lean towards a server breach and someone having changed the user on the file and the time it was modified. Also which version of CI is it on? I seem to remember there being a security vulnerability with an earlier version.[/quote] Yea, I know, it's pretty difficult to tell without the log, I'll see, if I can contact the provider concerning this. The app is using Codeigniter v1.5.4. I didn't upgrade it yet. [quote author="xwero" date="1213905016"]What do you mean by Quote:How is it possible to write into a server-side script without any indication or usage of filewrite-code?Are you saying the modification time of the file isn't changed since the last time you uploaded the index file? I'm not much of a hacker but that would be hard to do i think? The problem could be the security measures of the server, too little restrictions uploading files or someone could have intercepted the ftp login for the site.[/quote] I know, I'm no expert in servers either. By "filewrite-code" I mean a PHP code, that writes into the file system, for example into a textfile. Since there's no such code within the app, there must be another reason for the hack. |
Welcome Guest, Not a member yet? Register Sign In |