As always, just want to say thank you in advance for all help and input.
I have a special site that I am a web developer and I am running into a unique problem. It seems that somehow something is happening in every PHP file on my site and adding some malware code. I have removed the code several times from every page and have changed the FTP and DB passwords, but there is no benefit.
Added code looks like - eval (base64_decode (string)) - which is string 3024 characters
Not sure if anyone else has this problem Or if someone has any idea about securing my php code.
Thanks again
The server itself can be compromised. Report the problem to your web host, what is their response?
An unsafe php script may get the ability to modify your PHP files in conjunction with incorrect file permissions. To eliminate this possibility, I will take the site down, remove all the files, upload it again, and switch the permissions across the site to refuse to write the file system.
Edit: To disable eval () for your account, ask your web host as a short fix if they If your salt is worth it then they should walk which is one.
Comments
Post a Comment