Unobfuscating and Attack - a look into an evil PHP script (alanp.ca) 2 points by alanpca 16y ago ↗ HN
[–] jtagen 16y ago ↗ Seriously? Who allows uploads to a web-accessible directory with execution enabled?There are so many options that can be transparently used to protect against this without randomly searching for uploaded web scripts. [–] alanpca 16y ago ↗ It was uploaded through a client account via sftp, not injected into the actual directory by any other means. I think that's outlined in the post.
[–] alanpca 16y ago ↗ It was uploaded through a client account via sftp, not injected into the actual directory by any other means. I think that's outlined in the post.
2 comments
[ 3.1 ms ] story [ 35.3 ms ] threadThere are so many options that can be transparently used to protect against this without randomly searching for uploaded web scripts.