

Exploits and Known Issues

designer
Thu 19 June 2008, 05:56 am GMT +0200
Hey, I have faced a similar problem before, and it's a known PHP script vulnerability. My earlier quick fix doesn't seem to work in all situations, so I'm going to present it here in case someone else has a better solution.

The exploit is the r57shell.php file installed on the server, replacing your index.php file or other files. It is also sometimes named differently, but the exploit is still the same. Once it is installed, if someone browses an infected site, the visitor is automatically infected by a trojan for Windows machines.

So do you guys have any ideas for preventing this known issue once and for all?

Nikolas
Thu 19 June 2008, 09:57 am GMT +0200
The only way for this to happen is by having write permissions on the server. This can be done either by a script that writes and has some bug, or by an XSS vulnerability.

In most cases this type of hacking happens to the whole server. One quick solution is to chown all the files to the root user. This way, even if the vulnerability is there, there is no way to write index.php or other files on the server.

In any case, you should contact your hosting company, as this is probably their problem.
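
An added example, not part of the original thread or written by either poster: a POSIX shell function that lists entries under a web root that are owned by the web server account or are world-writable. Directories are included because a writable directory lets a file inside it be replaced even when the file itself is root-owned. The function name `audit_docroot`, the docroot path and the account passed in are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): audit a web root for entries that the
# web server account could overwrite. The docroot path and the account name
# or numeric uid are assumptions supplied by the caller.

# audit_docroot DOCROOT WEB_USER
# Prints one line per finding: "<reason><TAB><path>"
audit_docroot() {
    docroot=$1
    web_user=$2

    # Files and directories owned by the web server account: a buggy script
    # running as that account can rewrite or replace them directly.
    find "$docroot" \( -type f -o -type d \) -user "$web_user" \
        -exec printf 'owned-by-web-user\t%s\n' {} \;

    # World-writable files and directories: any local account, including the
    # web server account, can modify or replace them.
    find "$docroot" \( -type f -o -type d \) -perm -0002 \
        -exec printf 'world-writable\t%s\n' {} \;
}

# Stand-alone use: sh audit.sh /path/to/docroot web-account
if [ "$#" -eq 2 ]; then
    audit_docroot "$1" "$2"
fi
```

An empty result means nothing under the docroot is owned by that account or world-writable; group-writable entries are not checked here.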

designer
Wed 25 June 2008, 06:53 am GMT +0200
Would changing the index address to something other than index, for example via htaccess, which could at least stop this kind of attempt, affect the operation of the site? At least if a server-wide attack is made and all the affected files are index files, your htaccess calls a differently named index for your site.

Although it isn't a complete fix to the real problem, at least for the continued operation of a site...

Nikolas
Wed 25 June 2008, 11:00 am GMT +0200
You don't need to do that. After all, this will make your work harder when you are about to install open source software on your sites (where index.php will always be there...)

By changing ownership to root you will be OK.

designer
Thu 26 June 2008, 10:09 am GMT +0200
Thanks for the tip, Nik. I'll look into that pretty soon. I've been bugged about this since last year, and although I had a quick fix, some other hosts do have a different way of handling scripts.
