-2

Possible Duplicate:
My server's been hacked EMERGENCY

I did a php script my self for a digital shop store but a hacker is hacking it again and again. He is copying some php and javascript files to my host. He is also editing my index files by placing javascript codes to each index file.

So please tell me which security issues should I check to stop it? I have no folder or file with 777 chmod.

  • 1
    Please stop what you're doing and get a professional to do this for you. You're so far out of your depth that you'll never be able to get back. – John Gardeniers Aug 13 '12 at 05:15
  • 2
    If you are going to develop web content I strongly suggest you take a few hours reading the content at https://www.owasp.org/ Properly securing a web based application takes a large understanding. – Zoredache Aug 13 '12 at 05:23

1 Answers1

2

Follow best practices. Just not having a 777 on a file will prevent someone from hacking in.

Take your server offline and follow best practices.

  • Is your OS up-to-date?
  • Is your PHP up-to-date? PHP is notorious for security issues.
  • Have you scanned your application for vulnerabilities. Google will help you with plenty tools to do this
  • Remove unneeded services and accounts
  • Change your passwords regularly and ensure they are strong
  • Audit your entire code
  • Secure SSH / Apache, your database and PHP

Just to be sure, take a backup of your configuration and code and re-install the server and follow best practices.

A quick search will help you with best practices, securing OS and your application stack.

Chida
  • 2,471
  • 1
  • 16
  • 29