0

Yesterday, I visited my website as a normal visitor and everything was fine, but today when I tried to do, I got this message: "Access Denied.". So I checked it via FTP and found the index.php file damaged, and it was impossible to download it.

I don't understand this behavior? Does that make sense? is not it possible that someone has stolen my files using hacking techniques.

PS: I change my FTP password every time I finished with.

4

1 回答 1

2

Your index.php was probably overwritten by an unsafe PHP script. Check all files which handle file uploads. Control that they only allow saving into certain predefined folders and that file names with .. or / is not allowed. For example, check with realpath that the file destination is not outside the folder you decided.

于 2012-10-13T10:37:35.350 回答