Recently, a website I hosted (wordpress I think) for a friend got hacked and all php pages had added code at the bottom in the form of "echo base64_encode(...);". Thus there were unwanted ads on very page.
The webserver is apache2 running suphp.
I imagine a recursive "chattr +i" on all php files that don't need to be modified/upload by a website would protect against such an attack. Am I right to believe this and would there be any good reason not to do this?
Aucun commentaire:
Enregistrer un commentaire