Hack Access Restricted Folders

**Iphone** · 29-Mar-2007, 05:12 AM

I have a page for testing purposes its a regular form built in php, name, email, city, state and zip code are the fields that are required by the user. After submitting the form the data input will be sent via email and printed out to the user. Every field is checked for injection.

This page is inside a folder that is Restricted through .htaccess.

What happened is that someone hacked the site not the main site, but specifically this restricted folder and left an index page saying the site security is weak and easy to hack bla bla...?

My question is how could he/they get to this restricted folder? Nothing in the form could give them access so what could led to this? And one more thing I purchased the site few months ago, and I didn't publish it yet cause I didn't finish working on it yet? So I wonder how did they find it?

Could someone help me answering my questions?

**Iphone** · 29-Mar-2007, 05:12 AM

Then most probably your hosting provider doesn't perform enough security measures to prevent attack to your website. You may ask their support (also ask it for the owner of that file).
One possible way to break your system is from neighbor webhost (when hosting provider is not Secure enough). It's possible if, for example every web host is owned by the same user 'nobody' and no separate uids for every web site owner. Ask support is it true about your web site.

29-Mar-2007, 05:12 AM	#1 (permalink)
Iphone Fixed Error! Posts: 4,202 Join Date: Mar 2007 Rep Power: 6 IM:	Hack Access Restricted Folders I have a page for testing purposes its a regular form built in php, name, email, city, state and zip code are the fields that are required by the user. After submitting the form the data input will be sent via email and printed out to the user. Every field is checked for injection. This page is inside a folder that is Restricted through .htaccess. What happened is that someone hacked the site not the main site, but specifically this restricted folder and left an index page saying the site security is weak and easy to hack bla bla...? My question is how could he/they get to this restricted folder? Nothing in the form could give them access so what could led to this? And one more thing I purchased the site few months ago, and I didn't publish it yet cause I didn't finish working on it yet? So I wonder how did they find it? Could someone help me answering my questions?

29-Mar-2007, 05:12 AM	#2 (permalink)
Iphone Fixed Error! Posts: 4,202 Join Date: Mar 2007 Rep Power: 6 IM:	Re: Hack Access Restricted Folders Then most probably your hosting provider doesn't perform enough security measures to prevent attack to your website. You may ask their support (also ask it for the owner of that file). One possible way to break your system is from neighbor webhost (when hosting provider is not Secure enough). It's possible if, for example every web host is owned by the same user 'nobody' and no separate uids for every web site owner. Ask support is it true about your web site.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)