PHP Applications Vulnerability & Solution to it

PHP has got a lot of very vulnerable and potentially exploitable functions. Hackers have been enjoying these security lapses for a long time. Most of the PHP applications like Joomla, PhpBB, PhpNuke etc are community developed. This application may have potential security vulnerabilities and hackers may exploit them. Most of the website hacking are done using vulnerabilities in PHP applications.

All community developed PHP applications are patched as & when new vulnerabilities are discovered. So you should upgrade/patch PHP applications in your website from time to time. Failing to upgrade/patch PHP applications in your website is equal to opening a backdoor for the hacker on your website.

A backdoor shell is a malicious piece of code (e.g. PHP, Python, Ruby) that can be uploaded to a site to gain access to files stored on that site. Once it is uploaded, the hacker can use it to edit, delete, or download any files on the site, or upload their own.

This is a rising trend and every individual needs to keep a track of the actions carried on their sites. Any attempts to put in Malware or Script Injections on an account occur mostly due to the following reasons:

  • Improper write permissions are set for any of your files/directories on the web server. Please make sure that none other than extremely required folders have to write permissions for users.
  • Your FTP details are compromised.
  • The Local System from where you connect to the Web Server is infected.
  • Known exploits in CMS applications

Hence to resolve vulnerability issue, you could take the following steps:

  1. Download the current content of your site and perform a security audit on every file of your site. Check through the code to see if there are other files too infected with the IFRAME injections.
  2. Clean all such files.
  3. Change your FTP passwords to stronger ones. Keep changing the passwords frequently.
  4. Scan your local system with some good AntiVirus and Malware remover, to make sure your system is also infection free.
  5. Upload all new file again to the server.
  6. Avoid 777 permissions on any file or folder.
  7. Change both the FTP user and database user password so that the database is not injected.
  8. Always use updated version of CMS and themes/plugins.
  9. Ensure that all the themes and files are of latest versions.
That is it!
  • PHP Vulnerability, Stop Hackers Now
  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

PHP-based Form Mail (Feedback) Script

Using a PHP script, you may accept feedback from your website visitors and get the results...

Perl-based Form Mail (Feedback) Script

Using a Perl script, you may accept feedback from your website visitors and get the results...

PHP Script to Test MySQL Database Connectivity

Provided below is a simple PHP script to test MySQL database connectivity. The result of this...

Powered by WHMCompleteSolution