(PHP) is my page being hacked?


#1

Hi, I have a page that gets the user's IP, and if the user's IP is in the array of banned IPs it will show a message that their IP is banned; if the user's IP is not in the list it will show the real page. Today I just noticed that the file, which is in PHP, is 0kb (meaning an empty file). It has happened to me more than 5 times. Is my page being hacked? The file chmod is 644.
Can someone please help me?
Thanks.


#2

It is possible. Are you allowing FTP access to your account or have you sensibly disabled that? If you are, check your FTP logins by logging in to the shell and running the following command:

last <username>
–scjessey


#3

No, I don't. I am the only one who uses the account.
It says:
Users on “My Name” (1 / unlimited users)

One more thing: it only happens to that particular file.
Here's my code in that file.

<?php
// Address of the client making the request.
$user_ip = $_SERVER['REMOTE_ADDR'];

// Addresses that should see the ban message (masked here).
$banned_ips = array('xxx.x.xx.xx', 'xxx.xx.xxx.xxx', 'xxx.xx.xxx.xx');

if (in_array($user_ip, $banned_ips)) {
    echo "YOU ARE BANNED";
} else {
    echo "YOU ARE NOT BANNED";
}
?>

#4

You might try marking the file read only after making changes to it. You might even want to make sure that it’s not in the hosted filesystem in case someone picked off the filename.

–Wholly


#5

[quote]No, I don't. I am the only one who uses the account.
It says:
Users on “My Name” (1 / unlimited users)[/quote]
I understand that, but what scjessey was suggesting is that you check to make sure that someone else has not logged in using your user credentials (hacked your user) by running the “last” command from the shell … did you do that and check to see if all those ftp logins under your user are actually times you logged in?

–rlparker


#6

Oh, I am sorry.
I actually don't know how to do that. :frowning:

Can you tell me step by step how to do that, like I am a 5 yr old?
Thanks.


#7

[quote]Oh, I am sorry.
I actually don't know how to do that. :frowning:

Can you tell me step by step how to do that, like I am a 5 yr old?[/quote]
Well, no, I won’t do that, but if you can read, scjessey posted an excellent overview on how to get into and use the “shell” for basic things.

If you read that post, and follow the links, you can “shell enable” your user and log into the shell with an SSH client.

Once you have done that, from the shell prompt, just follow the directions in scjessey’s earlier post in this thread.

Enter:

last yourusername

followed by the enter key, and a list of account accesses will scroll onto your screen for you to inspect.

You can then check the dates, times, and IP addresses of the accesses to your account to see if they are all yours or if someone else has compromised your account.

–rlparker
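
The comparison described in the last post can be scripted. This is an added example, not code from anyone in the thread: the function name `unknown_logins`, the sample `last` output and every address in it are constructed for illustration, and the column layout is assumed to be the usual user / terminal / source / time one.

```bash
#!/bin/bash
# Added example: flag entries in `last` output whose source address is not
# one you recognise as your own.

# Constructed sample in the column layout `last` prints
# (user, terminal, source, time). User name and addresses are made up.
sample_last_output() {
cat <<'EOF'
exampleuser pts/3        203.0.113.7      Mon Dec  3 09:14 - 09:40  (00:26)
exampleuser ftpd12345    203.0.113.7      Mon Dec  3 08:02 - 08:05  (00:03)
exampleuser ftpd22871    198.51.100.44    Sun Dec  2 03:17 - 03:18  (00:01)
exampleuser pts/1        203.0.113.7      Sat Dec  1 21:30 - 22:01  (00:31)

wtmp begins Sat Dec  1 00:00:11 2007
EOF
}

# Usage: last -i yourusername | unknown_logins 203.0.113.7 [more addresses...]
# (-i makes Linux `last` print numeric addresses instead of host names.)
# Prints every login line whose third column is not in the known list.
# Lines without a source column (local console logins) are printed too,
# so they get reviewed rather than silently skipped.
unknown_logins() {
    awk -v known=" $* " '
        NF < 3 || $1 == "wtmp" { next }          # blank line and trailer
        index(known, " " $3 " ") == 0 { print }  # source not recognised
    '
}

# Demo on the constructed sample: only the 198.51.100.44 entry is printed.
sample_last_output | unknown_logins 203.0.113.7
```

Any line it prints is an access to check against your own activity; if one is not yours, change the account password before anything else.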