Programming C, C++, Java, PHP, Ruby, Turing, VB
Computer Science Canada 
Programming C, C++, Java, PHP, Ruby, Turing, VB  

Username:   Password: 
 RegisterRegister   

 WikiWiki   BlogBlog   SearchSearch   TuringTuring   Chat Room  MembersMembers 
 PHP Hacking
Index -> Programming, PHP -> PHP Help
View previous topic Printable versionDownload TopicSubscribe to this topicPrivate MessagesRefresh page View next topic
Author Message
agnivohneb
PostPosted: Mon Mar 19, 2007 10:49 am   Post subject: PHP Hacking
I would like to know if there is any way to hack php and get the source code off a site. I just want to know to make the security on my site a little better. I have some php pages that have very important information that I only want displayed to some users. but some how someone is getting in and seeing that info. If there is any possible way please let me know how to do it and also how to fix it.
Sponsor
Sponsor
Sponsor
sponsor
rdrake
PostPosted: Mon Mar 19, 2007 11:26 am   Post subject: Re: PHP Hacking
...PHP source code is processed by the PHP executable and the output of that is sent to the browser only. If you were to do something stupid, like let's say... write a script that outputted contents of files on your server, then the source could be displayed. Without doing something as dumb as that (without limiting what the user can view), the user cannot view your source code. Just make damn sure your server actually processes the PHP files, not outputs their contents. If you don't know how to test for this, I honestly don't know what to say Confused.

A good way (that's Apache only really) is to put files you want protected in a separate folder, writing an .htaccess file in order to limit access to certain users. Google it.
PaulButler
PostPosted: Mon Mar 19, 2007 2:17 pm   Post subject: RE:PHP Hacking
It could be many things. If you post your code, and maybe apache logs, we might be able to help you better. How do you know that someone is accessing the private pages?
rdrake
PostPosted: Mon Mar 19, 2007 4:21 pm   Post subject: RE:PHP Hacking
I see you're using Mambo. Such issues are usually resolved by the development team. Just make sure you have the latest version installed at all times.

Many sites offer independent security advisories, just Google around for "Mambo security advisories."
agnivohneb
PostPosted: Tue Mar 20, 2007 5:35 pm   Post subject: Re: PHP Hacking
PaulButler wrote:
How do you know that someone is accessing the private pages?

I look at my logs very closely and I seen my information that I put there on another site. (lost the URL, just randomly found it)

rdrake wrote:
I see you're using Mambo.

I don't use Mambo. I use Joomla! on my site.
But still it's not even on Joomla!, not even on the same server. Its on a page a friend made and I asked him and he has no clue.

But anyway just forget about it. I'll just use a .htaccess file to add more security.
rdrake
PostPosted: Tue Mar 20, 2007 5:41 pm   Post subject: Re: PHP Hacking
agnivohneb @ Tue Mar 20, 2007 5:35 pm wrote:
rdrake wrote:
I see you're using Mambo.

I don't use Mambo. I use Joomla! on my site.
Looking at a family tree of Joomla! you'll see something like the following.
code:
Mambo -> Joomla!

Wink
agnivohneb
PostPosted: Tue Mar 20, 2007 5:52 pm   Post subject: Re: PHP Hacking
meh

i call it joomla.
Display posts from previous:   
   Index -> Programming, PHP -> PHP Help
View previous topic Tell A FriendPrintable versionDownload TopicSubscribe to this topicPrivate MessagesRefresh page View next topic

Page 1 of 1  [ 7 Posts ]
Jump to:   


Style:  
Search:


You can syndicate this boards posts using the file backend.php or view the topic map using sitemap.php.

Terms of Use | Privacy Policy