compromised site
Posted
by pinniger
on Server Fault
See other posts from Server Fault
or by pinniger
Published on 2010-06-14T12:19:50Z
Indexed on
2010/06/14
14:53 UTC
Read the original article
Hit count: 184
So, I have a web site that has been compromised twice in two weeks. every index.php and .js file gets a script injecting into the source code of the file. The problem is that I have no idea how they're doing it. I've seen this done via sql injection before, but I don't know how they are actually writing to the file. I've dug through the Apache logs but didn't find anything interesting. The site is built using the cakephp framework on a godaddy shared server.
Anybody know what secturity settings or log files to check to see how they are doing this?
© Server Fault or respective owner