Let me start by saying I don't know PHP. I'm not a backend programmer; I only do frontend. My fiancé runs a Minecraft server, and I agreed to set up his website to help him out. He asked for a few things in PHP that tie in with his phpBB forum. I researched how to do it, found these snippets, put them into the site and launched it. But his site keeps getting hacked.
The first time we were hacked, we deleted all the FTP accounts and kept only one, with a single password. We changed the password on that account. We deleted every file and folder we hadn't created and overwrote our own files with our local copies.
This morning it was hacked a second time; we noticed a new FTP account and thousands of files under various folders and subfolders. We asked the host about it and they said it must be a vulnerability in the PHP/script. I don't know how to secure it. I don't know where the vulnerability is. I spent a while looking for ways to protect it and have been reading about PHP filters, but I just don't understand how to implement them?
Here are the only PHP snippets on the site. This one basically just connects to the user's forum:
<?php
define('IN_PHPBB', true);
$phpbb_root_path = '../forums/';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.' . $phpEx);
// Start session management
$user->session_begin();
$auth->acl($user->data);
$user->setup();
?>
<?php if($user->data['is_registered'])
{
// User is already logged in
echo '<div id="login">Welcome, ' . $user->data['username'] . ' ';
$l_message_new = ($user->data['user_new_privmsg'] == 1) ? $user->lang['NEW_PM'] : $user->lang['NEW_PMS'];
$l_privmsgs_text = sprintf($l_message_new, $user->data['user_new_privmsg']);
echo '<span><a href="' . append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&folder=inbox') . '">' . $l_privmsgs_text . '</a></span></div><div id="loginlayer"></div>';
}
else
{
// User is not logged in
echo ' ';
}
?>
Then I have a form which, once filled out, creates a topic on their forum:
<?php
/**
*
* @package phpBB3
* @version $Id: twitpost.php,v1.0.0 2010/05/31 2:43 PM PPCW2 Exp $
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
*
*/
/**
* @ignore
*/
define('IN_PHPBB', true);
$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : '../forums/';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
// common.php already sets $phpbb_admin_path correctly, so it is not redefined here
include($phpbb_root_path . 'common.' . $phpEx);
include($phpbb_root_path . 'includes/functions_posting.' . $phpEx);
include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
include($phpbb_root_path . 'includes/message_parser.' . $phpEx);
// Start session management
$user->session_begin();
$auth->acl($user->data);
$user->setup('common');
$forum = 14; // change to your forum id here
// Apply the forum's own posting permission, as phpBB's posting.php does.
// Without this check anyone reaching this script could create topics in the
// forum regardless of the permissions configured for it.
if (!$auth->acl_get('f_post', $forum))
{
trigger_error('USER_CANNOT_POST');
}
// Data from the submitted HTML form (field names: tmsg, tt, un).
// The third argument keeps multibyte (UTF-8) input instead of replacing it.
$tmsg = request_var('tmsg', '', true);
$tt = request_var('tt', '', true);
$un = request_var('un', '', true);
$username = $un;
$message = "[b]Username[/b]: " . $username . "\n" . "[b]Details[/b]: " . $tmsg . "\n";
$rawsubject = $tt;
$my_subject = utf8_normalize_nfc($rawsubject);
$my_text = utf8_normalize_nfc($message);
if ($my_subject === '')
{
trigger_error('EMPTY_SUBJECT');
}
// variables to hold the parameters for submit_post
$poll = $uid = $bitfield = $options = '';
generate_text_for_storage($my_subject, $uid, $bitfield, $options, false, false, false);
generate_text_for_storage($my_text, $uid, $bitfield, $options, true, true, true);
$data = array(
'forum_id' => $forum,
'icon_id' => false,
'enable_bbcode' => true,
'enable_smilies' => true,
'enable_urls' => true,
'enable_sig' => true,
'message' => $my_text,
'message_md5' => md5($my_text),
'bbcode_bitfield' => $bitfield,
'bbcode_uid' => $uid,
'post_edit_locked' => 0,
'topic_title' => $my_subject,
'notify_set' => false,
'notify' => false,
'post_time' => 0,
'forum_name' => '',
'enable_indexing' => true,
);
submit_post('post', $my_subject, $user->data['username'], POST_NORMAL, $poll, $data);
// $phpbb_root_path already ends with a slash, so no extra '/' before viewforum
$redirect_url = append_sid("{$phpbb_root_path}viewforum.$phpEx?f=$forum", false, true, $user->session_id);
meta_refresh(2, $redirect_url);
// The original sprintf() call had no format specifiers, so the link tag was never closed
trigger_error('Issue Posted<br /><br />Taking you to the issues forum <a href="' . $redirect_url . '">here</a>');
?>
Then the login form:
<?php if($user->data['is_registered'])
{
// User is already logged in
echo '<div id="loginarea" class="bluebox">
<h1>Log In</h1>You are already logged in!</div>';
}
else
{
// User is not logged in
echo '<div id="loginarea" class="bluebox">
<h1>Log In</h1><form method="POST" action="/forums/ucp.php?mode=login">
<p><span>Enter your Username:</span><br>
<input type="text" name="username"><br>
<span>Password:</span><br>
<input type="password" name="password"><br>
<input type="submit" class="btns donatebtn" value="Submit" name="login">
<input type="hidden" name="redirect" value="../index.php">
</form></div>';
}
?>
That's it! Any suggestions? Thank you very much.
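The cleanup described in the question, finding files that the site owners never created and files whose contents changed, can be done mechanically by comparing the live tree (downloaded into a scratch directory) against the clean local copy of the site. This is an added example, not code from the question; it assumes both trees are on the local machine and that POSIX find, sed, sort and cmp are available.

```shell
#!/bin/sh
# Added example: compare a deployed web root (e.g. downloaded over FTP into a
# scratch directory) against a known-clean local copy of the site.
# Reports ADDED (only in live tree), MODIFIED (contents differ) and DELETED
# (only in clean tree) files, one finding per line.

# List every regular file below a directory as a sorted, relative path.
list_files() {
    ( cd "$1" && find . -type f | sed 's|^\./||' | sort )
}

# compare_trees CLEAN LIVE
# Prints "ADDED path", "MODIFIED path" or "DELETED path" for each finding.
compare_trees() {
    clean="$1"
    live="$2"
    # Walk the live tree: anything absent from the clean copy was implanted,
    # anything whose bytes differ was tampered with.
    list_files "$live" | while IFS= read -r f; do
        if [ ! -f "$clean/$f" ]; then
            printf 'ADDED %s\n' "$f"
        elif ! cmp -s "$clean/$f" "$live/$f"; then
            printf 'MODIFIED %s\n' "$f"
        fi
    done
    # Walk the clean copy: files that vanished from the live tree.
    list_files "$clean" | while IFS= read -r f; do
        [ -f "$live/$f" ] || printf 'DELETED %s\n' "$f"
    done
}

# count_findings CLEAN LIVE: number of findings; 0 means the trees match.
count_findings() {
    compare_trees "$1" "$2" | wc -l | tr -d ' '
}

# When run directly with two directories, print the findings.
if [ "$#" -eq 2 ]; then
    compare_trees "$1" "$2"
fi
```

The report only tells you what changed on disk; as the answers below note, it does not tell you how the attacker got in, so treat it as triage input rather than as a fix.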
Answer 0 (score: 1)
If someone is logging into the server and creating FTP accounts, then why are you looking at the PHP? If they are able to log into the server, then either the server username/password must be trivial, or there is a serious security problem somewhere else!
You need to find out how someone is logging into the server.
Answer 1 (score: 0)
I think this might be a better question for ServerFault; there are already good answers there on how to deal with a compromised server. One of the main recommendations is to rebuild the system rather than just trying to delete accounts and change passwords, because you don't know how they got in, and if it is a real vulnerability, changing passwords is unlikely to stop it happening again. Worth a read:
https://serverfault.com/questions/218005/how-do-i-deal-with-a-compromised-server/218011#218011