site security and php

tonyw

hi folks,

I would like advise/opinions on the issue of site security. We have a forum www.georgestobbart.com hosted on an easily.co.uk virtual server and which was coded in php by ourselves.

We recently recieved a mildly threatening email that contained proof that the sources had been read. However, we dont believe that the guy got ftp access to the site. Noone has the username and passwords.

Is it easy to trick appache into delivering the sources or something? How determined does a hacker have to be to acheive this?

hmmm! :eek: 😕

tony

mogster

As long as the php-file is executable as a standalone phpscript, this will be difficult to acheive. There has been a discussion on this topic before:
http://www.phpbuilder.com/board/showthread.php?s=&threadid=10230797

But then again, if the assumed hacker has access to the server as a dedicated user, he may include your file by using include(../../dir/file).

knutm