Comment to 'Server Hardening Time'
  • Can someone explain the screen shot in my previous message above. How can php files be placed in UNA storage via a POST request? PHP files which contain base64 code?

    I have now temporarily blocked all POST requests as I am sorting through this. But it made no difference. They posted files right into my UNA platform and altered others. By 'they', I mean their bots.

    So. By just entering things into the address bar of a browser window, your whole site can be taken over for their purposes. Look at the time signature on the FTP window below. In the same minute, dozens of files in different directories were added and altered. My UNA installation was not spared. Of course they do not want to intentionally crash it. Because it is their free hosting service.  :)

    I hope this does not happen to you. But statistically, the odds are that it eventually will... if you do not know how / or take the steps to prevent it. 

    Good luck... the professional hackers are quite clever where they will hide their malicious code snippets... 

    PHP is powerful for good or evil.