My Laravel public folder was uploaded by many php files, and also with some Wordpress files. It happened same to another Opencart website. I think hacker using same method to do that. Could anyone can help to answer some of the following questions or giving the best practices?
- How hacker could upload php files to website? They upload with page that allow to upload file? Or they attack by guessing FTP username and password?
- How to prevent this attacking? We have to do file type upload validation? And also config server security like file and folder permission, etc?
- How attacker find our website? We didn't share to anywhere, just upload to a new server. Then a few months later it was attacked.
via Chebli Mohamed
Aucun commentaire:
Enregistrer un commentaire