We moved your post in the moderators lounge out of the public eye because you asked this, and we already responded twice that there is no way to upload a PHP file to our application, so it appears they broke in elsewhere on your site and were able to write their file into our data directory because it is 777 permissions, which it has to be to allow file uploads. I would suggest you search and see if there are exploits in other programs you use. We have not seen any on ours, and in the few topics over the years we have seen on this, it always comes down to an external program that has an exploit. Our senior developer Michael even had something like this happen to him where they copied a file to his data directory, but his investigation led to a flashchat program he used with his vbulletin forum.
I never got to see the second answer and I can't get access to where it was moved.
Anyhow I did have a hit counter running in the footer, here is the code below.
I just removed it and will delete out the .php files in the data directories.
So what do you think, was it the hit counter code?
It is possible; I am not familiar with that app. I am sure there are other apps on your site. Just passing along the info as I see it. The only thing our program is going to put in the data directory are image files, so if something else shows up there then it seems to be coming from some external app which is merely searching for a directory it can write to.
And thanks Harry for your phone call this morning.
The other app I have running is Google AdSense; can't imagine that playing games. For now I am going to point my finger at the counter code. Every folder that was set to 777 had a numbered .php file written into it. I saved some of them if you would like to check them out.
Actually, I have the same problem that I thought was resolved. Come to find out, somehow in my data directory, there are no folders there for ads that are currently up and running. So when I try to edit the ad, it tells me that the /data/#/ is not available. And it isn't when I FTP and look inside. I have another thread that I thought was resolved. I just wanted to chime in because this happened a day ago also.
There are no security issues I am aware of having a directory set to 777, as that's needed universally for uploads to work to a server. Only way I have ever seen anyone hacked is when integrating with vbulletin and they are hacked due to a vb hack they were running.
At any rate 755 could work if your host had things worked out right but on most servers one needs 777.
Can you please confirm or deny the following that a fellow programmer shared with me? If this is a valid exploit, please delete or remove this post to a non-searchable area to avoid educating the wrong people.
With a photo/data directory set to 777 you are subject to being used as an illegal photo server, including having p o r n pics posted on your site at night and removed in the morning...
You need to have the data directory set to 777 for uploads to work.
I can't tell you how to make it work as 755 as I am not a server host and do not know the specifics of what needs to be set on a server to allow that. I just know it's possible. Your host may know how to do it to allow file uploads etc. without directories being 777, but for 99.9% of servers they need to be 777.
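
The thread says the application writes only image files into its data directory, and that every folder set to 777 ended up with a numbered .php file in it. A check built on those two observations, as an added example that is not part of the thread or the product's code; the allowed image types, the sample tree and its file names are constructed assumptions:

```python
import os
import stat
import tempfile

# Assumption: the application stores only these image types in its data directory.
IMAGE_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}

def audit_upload_dir(root):
    """Return (kind, path) findings for a tree that should hold only images."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        # Any local account or compromised app can write into an o+w directory.
        if os.stat(dirpath).st_mode & stat.S_IWOTH:
            findings.append(("world-writable-dir", dirpath))
        for name in sorted(filenames):
            path = os.path.join(dirpath, name)
            magics = IMAGE_MAGIC.get(os.path.splitext(name)[1].lower())
            if magics is None:
                # e.g. a .php file dropped next to the uploads
                findings.append(("unexpected-file-type", path))
                continue
            with open(path, "rb") as fh:
                if not fh.read(8).startswith(magics):
                    findings.append(("content-not-image", path))
    return findings

def build_sample_tree():
    """Constructed sample: data/1 is clean, data/2 is 777 with stray files."""
    root = tempfile.mkdtemp(prefix="data_")
    samples = {
        "1/photo.gif": b"GIF89a" + b"\x00" * 16,
        "2/83214.php": b"constructed placeholder, not real code",
        "2/banner.jpg": b"constructed non-image bytes",
    }
    for rel, body in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(body)
    os.chmod(os.path.join(root, "1"), 0o755)
    os.chmod(os.path.join(root, "2"), 0o777)
    return root

if __name__ == "__main__":
    for kind, path in audit_upload_dir(build_sample_tree()):
        print(f"{kind:22} {path}")
```

Run on a schedule against the real data directory, any finding other than the expected world-writable directories is a file the application did not put there.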