Old 03-25-2013, 4:07 PM
stilly
Join Date: Jul 2009
Location: Currently in a shanty I made in the river bottom by Eastvale.
Posts: 10,504

Originally Posted by ocabj
When I say "web daemon" I'm referring to the actual web server program. Typically, most web servers use Apache HTTPD, or the httpd service. httpd needs to be initially started as root (superuser) in order to bind to a privileged port (e.g. port 80), but all the httpd child processes (if the admin set up Apache securely) will run as a non-privileged user. Usually that user is also called 'httpd', 'apache', 'www', or some other reserved username. Since httpd needs to be able to at the very least read your web directory in order to serve it out to the world, you usually have your web docs folder world readable (or at the very least, group readable for the httpd user's group).

Anyway, as long as you don't have any dirs or files that are writable by the httpd user or the httpd user's group, you should be fine, but this of course assumes that the web daemon isn't actually running as root for all child processes. Otherwise, any poorly written PHP code (especially anything that can write to disk) could potentially give an attacker a way to write to your web docs directory (or any files within).

Shell is basically an interactive interface to execute commands on the system. For example, you might SSH into your server to get to a command line interface. That is a shell. There are some functions in php that can be exploited (if they are not validating input) to invoke shell commands on the web server.

I see now. Well, a little better. I sometimes need to see things from different angles multiple times before I grasp their concept fully. The PHP IS mainly just a validation file for the e-mail form. I am going to guess that you might know how to use PHP and exploit it to get these shell commands? I need to test the site now, although Google still shows it as clean, and it has been clean now for the past 3 days.

How about a good book to learn how to hack these things or how to plug the holes? I did not touch nor was I aware of those files in the urchin directory. Is there a website that has a checklist of things for me to look at before I can consider it locked down?

So maybe they found a way to exploit the single PHP file that I had, and that allowed them to bypass security? Well, they have not been back, or if they have, at least not in a way that I have noticed.
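The "nothing writable by the httpd user or its group" condition ocabj describes is easy to check mechanically. The script below is an added example, not code from either poster; the docroot path and the account name `www-data` are assumptions, so substitute the directory and the user your httpd child processes actually run as.

```sh
#!/bin/sh
# Audit a web document root for anything the web daemon's account could
# modify. Prints one "REASON<TAB>path" line per finding and returns 0 when
# the tree is clean, 1 when anything was found.
#
#   sh audit_webroot.sh /var/www/html www-data   (paths/user are assumptions)

audit_webroot() {
    docroot=$1
    httpd_user=$2

    # Resolve the account to numeric ids so find behaves the same on GNU and
    # BSD. A bare number that is not a known user is used as both uid and gid
    # (assumption: the daemon's primary group has the same numeric id, which
    # is how 'www-data' is set up on Debian).
    if id -u "$httpd_user" >/dev/null 2>&1; then
        uid=$(id -u "$httpd_user")
        gid=$(id -g "$httpd_user")
    else
        uid=$httpd_user
        gid=$httpd_user
    fi

    hits=$(
        {
            # Owned by the daemon: it can chmod and then write regardless of mode bits.
            find "$docroot" -user "$uid" | awk '{ print "OWNED_BY_HTTPD\t" $0 }'
            # In the daemon's group with the group write bit set.
            find "$docroot" -group "$gid" -perm -g=w | awk '{ print "GROUP_WRITABLE\t" $0 }'
            # Writable by everyone, which includes the daemon.
            find "$docroot" -perm -o=w | awk '{ print "WORLD_WRITABLE\t" $0 }'
        } | sort -u
    )

    if [ -n "$hits" ]; then
        printf '%s\n' "$hits"
        return 1
    fi
    return 0
}

# Run as a script when given a docroot; does nothing when merely sourced.
if [ -n "${1-}" ]; then
    audit_webroot "$1" "${2:-www-data}"
fi
```

A non-zero exit makes the check usable from cron or a deploy hook, so a permissions regression (an upload directory left 777, a file chowned to the daemon) is reported before it is found the hard way.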