How are hackers hacking the website?
How are hackers injecting code into the website?
Sometimes some of my websites are hacked by hackers. Somehow they are modifying the files by injecting some code. How are hackers injecting the code into the site? What technique are they using to modify the files? Somewhere I read that files / folders with full permissions have a high possibility of getting hacked. How does a hacker modify a file which has write access? I have lots of questions regarding this. Please help me to clear my doubts. |
Here's a few:
- lack of proper knowledge to run and admin Linux "the Linux way" (often the first symptom is the "admin" using a web-based management panel),
- running outdated, vulnerable software versions (think CMS, web log, forum, shopping cart, statistics package or plugin),
- OS misconfiguration (like using root to SSH or SCP or FTP files over),
- software misconfiguration (like giving web content or upload directories octal mode 777 access rights),
- not cleaning up installation files after the installation,
- unprotected admin files or directories (like /phpadmin),
- running a web site on an already compromised shared host,
- leeched FTP and other credentials of editors.

If you want answers suitable for your specific situation please be specific and verbose when asking questions. |
If a file has 666 or 777 permissions, how does a hacker update that particular file?
What technique is used to insert the code into that file? |
Code can be injected by creating a remote shell. A remote shell can be created by using an open port on your computer. A hacker can more easily modify a file with 777 permissions because anybody with access to the computer can get into that file; thus, even if the remote shell that the hacker is in doesn't give him root access he can still read and write to that file. To help keep a hacker from getting a remote shell to your computer you need to close all ports that your computer doesn't need. Hope this helps!
|
Setting permissions to 777 (or 666) is itself safe; it is not a problem. But a hacker (if he was already inside) can easily modify those files/dirs.
|
Quote:
Quote:
It would be better (safe for others, efficient) if you start by checking the practices and software versions of your "hacked web sites" and take it from there: in the end the method should not be leading but how to fix things. |
I have a small doubt.
Just imagine a situation:
1. I created a file in my domain, http://example.com/test.html
2. and I gave 777 permissions to test.html
Then is it possible to inject code into this file? If yes, how? |
Quote:
I suggest you stop prevaricating and address the cause. |
That would be publishing an exploit which is against LQ rules ;)
|
Quote:
No, it is definitely not enough to set permissions to 777 to allow injection. On the other hand, if someone was able to open a remote shell (that could be a security hole) he would also be able to modify that file (and in case he had root access he would not need 777 or 666 to inject anything). The main goal is to protect your host, not only your files. |
Quote:
The more important point is warning people one sees fscking things up good because they don't understand Linux basics, because some stupid vendor, web log or HOWTO web site told them, or because untruths are propagated elsewhere. In this respect access permissions aren't the overarching reason for i-frame injections but a misunderstanding or neglect of one of the core tenets of UNIX: the least privilege principle. More than that, voicing misconceptions distracts from the real priority here, and that is to point the OP to actions to perform. Unfortunately the OP hasn't returned since post #10 so I can only hope he understood what he should do. |
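The world-writable modes discussed in this thread (666/777 on web content or upload directories) can be found and corrected from the shell. This is an added example, not code from any poster in the thread; the sample tree, its file names and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a web root for world-writable files and directories.

# List regular files and directories whose "other" write bit is set.
# -perm -0002 matches every mode that includes o+w (666, 777, 757, ...).
# Symlinks are skipped: their own mode bits are not meaningful on Linux.
list_world_writable() {
    find "$1" -xdev \( -type f -o -type d \) -perm -0002 -print
}

# Number of findings (assumes no newlines in file names).
count_world_writable() {
    list_world_writable "$1" | wc -l | tr -d ' '
}

# Remove only the world-write bit; owner and group bits stay untouched,
# so the account that maintains the site can still edit its files.
strip_world_write() {
    find "$1" -xdev \( -type f -o -type d \) -perm -0002 -exec chmod o-w {} +
}

# Build a constructed sample web root in a temp directory and print its path.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/uploads" "$root/inc"
    : > "$root/index.php";      chmod 644 "$root/index.php"
    : > "$root/test.html";      chmod 777 "$root/test.html"
    : > "$root/inc/config.php"; chmod 666 "$root/inc/config.php"
    chmod 777 "$root/uploads"
    chmod 755 "$root/inc"
    printf '%s\n' "$root"
}

WEBROOT=$(make_sample_tree)
echo "world-writable before: $(count_world_writable "$WEBROOT")"
list_world_writable "$WEBROOT"
strip_world_write "$WEBROOT"
echo "world-writable after:  $(count_world_writable "$WEBROOT")"
rm -rf "$WEBROOT"
```

On a real host, run `list_world_writable` against the actual document root first and review the list before calling `strip_world_write`.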