Thread: I was hacked!!!
View Single Post
Old 10-04-2007, 09:43 AM   #14
asim1
I could get used to this!
 
asim1's Avatar
 
Join Date: Jun 2000
Location: United States
Posts: 176
Quote:
Originally Posted by theesfield View Post
I am utterly clueless when it comes to thiese kinds of things. I am lucky that I know how to update my store with new product and update my website with new info (although my website is still under construction..that's because I am clueless!) So when you tell me I have a php website...I don't know what that means. And my webmaster tells me to back up my website and download raw templetes...I don't know what he is talking about! I feel like such an idiot! I just can't get a grasp on this thing!
Nilaja
OK, here's web site 101. Please note that this is all quite generalized:

Essentially, web servers do nothing but copy files over the 'Net. Apache or Microsoft's IIS are at the core of this process, taking commands from (usually) your browser, and sends files (and other data) back to the browser in response. It copies the HTML file, and then copies each image the HTML file refers to; this is part of the reason image-heavy sites will sometimes appear without the images for awhile on slow connections.
PHP is sort-of an add on, or plugin, to Apache or IIS; it allows a program to generate HTML on the web server, as opposed to storing it in a file. This means the website can be modified by a program in response to some kinds of interactions; for example, almost every page on Bhuz is not a HTML file, but the output from a PHP program (you can tell by looking at the link; the ".php" indicates that the PHP program generated the page you're looking at). This is all done on the server, and the PHP code is written in such a way that the web server knows to send it as HTML that your browser can read like a HTML file.
Because it's code that's running in your web server, and your web server has access to the Operating System (like Windows) it's running, you can attack a PHP page, and get it to run stuff on the actual Operating System. Windows, and IIS, have been historically notorious for allowing such attacks, but have become much better over the last couple of years. This is the mostly likely attack vector; someone saw that you're running PHP, and used a weakness in PHP to get to the web server, and then to the Operating System. It's one of a thousand ways to get in, however, and no reason to remove PHP.

Your web guy should at least be upgrading PHP and Apache to the latest versions, and studying how they got in, so as to avoid future attacks along that vector. You really, honestly, shouldn't have to worry about this, and should not feel bad that you don't know -- LOTS of technical people I know aren't aware of how systems can be cracked. It's a lot like finding out how your car's fuel injection works, and is why you look for a good mechanic. :)

Does this help?


----asim, who pays the dancin' bills by developing database-backed web applications in the Security Dept. of a major financial institution.
__________________
See me at APOSTATE: Angry Young Black Man Does Raqs.
asim1 is offline   Reply With Quote