Question
My website has been hacked, changed index.php file
- Posted on February 22, 2024
- LaravelPHP
Asked by a9b194576b5149d9b291512c41f756
I make website with laravel, the hacker just changed index.php file in public folder and i set public folder permission to drwxr-xr-x www-data and index.php to -rw-r–r-- www-data. Is my permission wrong ?
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Featured on Community
Get our biweekly newsletter
Sign up for Infrastructure as a Newsletter.
Hollie's Hub for Good
Working on improving health and education, reducing inequality, and spurring economic growth? We'd like to help.
Become a contributor
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
Heya @a9b194576b5149d9b291512c41f756,
The permissions of your file are fine, it’s standart practice for files to be 644(
-rw-r--r--) and for folders to be 755(drwxr-xr-x).Most likely the issue lies somewhere else rather than your permissions. Usually, these things happen because of an exploit in either the services/packages you have on your Droplet or exploits in your Applications, in this case, Laravel.
The best thing you can do is to always keep everything up to date, additionally keep strong passwords everywhere and try to limit authentication methods to not only passwords but 2FA whenever possible.
Hey there!
Sorry to hear about your website. Security issues can be quite stressful, but let’s see how we can address this and fortify your site for the future.
First off, regarding your permissions, they seem generally okay. For a Laravel application, setting your public directory to
drwxr-xr-x(755) and yourindex.phpfile to-rw-r--r--(644) under the ownership ofwww-datais a standard practice. This setup ensures that files and directories are readable and executable where necessary, without granting excessive permissions that could be exploited.However, the issue at hand likely stems from a vulnerability elsewhere in your application or server rather than these specific permissions. Here are a few steps to consider:
Check for any outdated dependencies, Laravel versions, or plugins that might have known vulnerabilities. Utilize tools like Composer to update your dependencies and consider running a vulnerability scanner against your application.
Look through your web server and application logs for any unusual activity or access patterns that could indicate how the attacker gained access. This information can be crucial in preventing future attacks.
It’s possible the attacker made other changes beyond the
index.phpfile. Consider using tools likegit(if your project is under version control) to check for modifications or a tool likefindto look for recently altered files.Beyond fixing the immediate vulnerability, consider implementing additional security measures such as regularly scanning your application for vulnerabilities, and ensuring all third-party packages are up to date.
I could suggest using the Laravel Enlightn package. It is an
artisancommand-line tool that checks your code and provides you with actionable recommendations on improving your application’s performance, security & more.It’s also a good practice to have a recovery plan in place, including regular backups of your application and database. This way, in the event of a compromise, you can restore your site more quickly and with less loss of data.
Hope this helps, and wishing you luck in securing your site!
Best,
Bobby