
-----------------------------------
agnivohneb
Mon Mar 19, 2007 10:49 am

PHP Hacking
-----------------------------------
I would like to know if there is any way to hack php and get the source code off a site. I just want to know to make the security on my site a little better. I have some php pages that have very important information that I only want displayed to some users. but some how someone is getting in and seeing that info. If there is any possible way please let me know how to do it and also how to fix it.

-----------------------------------
rdrake
Mon Mar 19, 2007 11:26 am

Re: PHP Hacking
-----------------------------------
...PHP source code is processed by the PHP executable and the output of that is sent to the browser only.  If you were to do something stupid, like let's say... write a script that outputted contents of files on your server, then the source could be displayed.  Without doing something as dumb as that (without limiting what the user can view), the user cannot view your source code.  Just make damn sure your server actually processes the PHP files, not outputs their contents.  If you don't know how to test for this, I honestly don't know what to say :?.

A good way (that's Apache only really) is to put files you want protected in a separate folder, writing an .htaccess file in order to limit access to certain users.  Google it.

-----------------------------------
PaulButler
Mon Mar 19, 2007 2:17 pm

RE:PHP Hacking
-----------------------------------
It could be many things. If you post your code, and maybe apache logs, we might be able to help you better. How do you know that someone is accessing the private pages?

-----------------------------------
rdrake
Mon Mar 19, 2007 4:21 pm

RE:PHP Hacking
-----------------------------------
I see you're using Mambo.  Such issues are usually resolved by the development team.  Just make sure you have the latest version installed at all times.

Many sites offer independent security advisories, just Google around for "Mambo security advisories."

-----------------------------------
agnivohneb
Tue Mar 20, 2007 5:35 pm

Re: PHP Hacking
-----------------------------------
How do you know that someone is accessing the private pages?
I look at my logs very closely and I seen my information that I put there on another site. (lost the URL, just randomly found it)

I see you're using Mambo.
I don't use Mambo. I use Joomla! on my site.
But still it's not even on Joomla!, not even on the same server. Its on a page a friend made and I asked him and he has no clue.

But anyway just forget about it. I'll just use a .htaccess file to add more security.

-----------------------------------
rdrake
Tue Mar 20, 2007 5:41 pm

Re: PHP Hacking
-----------------------------------
I see you're using Mambo.
I don't use Mambo. I use Joomla! on my site.Looking at a family tree of Joomla! you'll see something like the following.
Mambo -> Joomla!
;-)

-----------------------------------
agnivohneb
Tue Mar 20, 2007 5:52 pm

Re: PHP Hacking
-----------------------------------
meh

i call it joomla.