How did my PHP form get compromised?

by ChrisW   Last Updated March 13, 2018 02:04 AM

I've got a CodeIgniter site with a form that accepts file uploads. I'm on a shared hosting package. I use CodeIgniter's functions to validate the input; e.g.

$config['allowed_types'] = 'docx|doc|xlsx|xls|pdf|txt|ppt|pptx|rtf|odt|fodt|ods|fods|odp|fodp|odg|fodg|odf|zip';

(Although, yes, I know that mime-types can be spoofed).

After upload, the files are moved to /home/<user>/files/; the CodeIgniter application is at /home/<user>/public_html/<webapp|system>.

I've found that there's some malicious code (which looks like it could be used as a spam bot) at /home/<user>/public_html/ipo2/office _1/bam_office. Given the validation I've got in place, I'm intrigued how this could have got here!

Any hints for me to think about would be greatly appreciated! (I have wondered whether another user on the server got hacked, but I guess this would be much harder to deploy malicious code across multiple users' directories?)

Tags : security
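
One way to start narrowing down how a file like this arrived, as an added example that is not part of the original post: a Python inventory of the web root that flags entries outside the application's known top-level names, entries owned by a different uid, and world-writable paths, oldest first so the earliest timestamp can be matched against access and FTP logs. The `~/public_html` path and the expected top-level names are assumptions standing in for the post's `<user>` and `<webapp|system>` placeholders.

```python
import os
import stat
import time


def triage_webroot(webroot, expected_top, expected_uid=None):
    """List entries under webroot that are outside the known top-level
    names, owned by a different uid, or world-writable."""
    if expected_uid is None:
        # Assumption: the hosting account owns its own web root.
        expected_uid = os.stat(webroot).st_uid
    findings = []
    for dirpath, dirnames, filenames in os.walk(webroot):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, webroot)
            st = os.lstat(path)  # lstat: do not follow symlinks
            reasons = []
            # Anything whose first path component is not part of the app.
            if rel.split(os.sep)[0] not in expected_top:
                reasons.append("unexpected-location")
            # A different owner points at another account or process writing here.
            if st.st_uid != expected_uid:
                reasons.append("foreign-owner")
            # World-writable paths let any local user on a shared host drop files.
            if not stat.S_ISLNK(st.st_mode) and st.st_mode & stat.S_IWOTH:
                reasons.append("world-writable")
            if reasons:
                findings.append({"path": rel, "reasons": reasons,
                                 "mtime": st.st_mtime, "uid": st.st_uid})
    # Oldest first: the earliest unexpected write is the time to look up in logs.
    return sorted(findings, key=lambda f: f["mtime"])


if __name__ == "__main__":
    # Hypothetical layout; substitute the real account path and top-level names.
    root = os.path.expanduser("~/public_html")
    expected = {"webapp", "system", "index.php", ".htaccess"}
    for f in triage_webroot(root, expected):
        when = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime(f["mtime"]))
        print(f'{when}  uid={f["uid"]}  {",".join(f["reasons"])}  {f["path"]}')
```

A file that is in an unexpected location but owned by the account's own uid was most likely written through the account itself (the web application's PHP process, FTP, or a control panel), while a foreign owner or a world-writable parent directory fits the other-user-on-the-server theory.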
