Reputation: 703
Site Possibly R7.txt Hacked - Can PHP access root directory on Server?
I'm wondering what sort of access PHP has to the root directory of the server machine running my Apache Webserver. I have been reading up about R7.txt shell attacks (http://www.temme.net/sander/2010/07/30/file-system-permissions-for-apache/) and need to know what could be accessed.
I realize that with R7 and similar script hacks, a hacker could gain access to the top level web directory. Could they get deeper? Would that depend on permission settings for Apache/PHP?
Running: PHP5 Apache2 OS X Server 10.6.8
However, this is a general non-build specific question.
Thanks in advance for your help.
Upvotes: 1
Views: 485
Answers (1)
Reputation: 35169
Nothing is safe. If a web-script can get access and write to various places, it could then leverage that to gain full access.
The best & safest thing you can do is wipe the serve and re-install it fresh.
Upvotes: 1
Related Questions
- Server Hack - Random Code added tot he top of PHP files
- PHP code help - hacked apache server
- A suspicious PHP file might
- How can a hacker put a file on my server root (apache, php, 1and1)
- Is my website possibly being hacked?
- Site hacked but file dates remain unchanged?
- Did my site get hacked?
- Can people write a .php file to my chmod 777 folder
- hacked website unusual php file
- Can PHP move around and edit root system files on a server?