Question

My website has been hacked, changed index.php file

I make website with laravel, the hacker just changed index.php file in public folder and i set public folder permission to drwxr-xr-x www-data and index.php to -rw-r–r-- www-data. Is my permission wrong ?


Submit an answer


This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

KFSys
Site Moderator
Site Moderator badge
March 3, 2024

Heya @a9b194576b5149d9b291512c41f756,

The permissions of your file are fine, it’s standart practice for files to be 644(-rw-r--r--) and for folders to be 755(drwxr-xr-x).

Most likely the issue lies somewhere else rather than your permissions. Usually, these things happen because of an exploit in either the services/packages you have on your Droplet or exploits in your Applications, in this case, Laravel.

The best thing you can do is to always keep everything up to date, additionally keep strong passwords everywhere and try to limit authentication methods to not only passwords but 2FA whenever possible.

Bobby Iliev
Site Moderator
Site Moderator badge
February 24, 2024

Hey there!

Sorry to hear about your website. Security issues can be quite stressful, but let’s see how we can address this and fortify your site for the future.

First off, regarding your permissions, they seem generally okay. For a Laravel application, setting your public directory to drwxr-xr-x (755) and your index.php file to -rw-r--r-- (644) under the ownership of www-data is a standard practice. This setup ensures that files and directories are readable and executable where necessary, without granting excessive permissions that could be exploited.

However, the issue at hand likely stems from a vulnerability elsewhere in your application or server rather than these specific permissions. Here are a few steps to consider:

  1. Check for any outdated dependencies, Laravel versions, or plugins that might have known vulnerabilities. Utilize tools like Composer to update your dependencies and consider running a vulnerability scanner against your application.

  2. Look through your web server and application logs for any unusual activity or access patterns that could indicate how the attacker gained access. This information can be crucial in preventing future attacks.

  3. It’s possible the attacker made other changes beyond the index.php file. Consider using tools like git (if your project is under version control) to check for modifications or a tool like find to look for recently altered files.

  4. Beyond fixing the immediate vulnerability, consider implementing additional security measures such as regularly scanning your application for vulnerabilities, and ensuring all third-party packages are up to date.

I could suggest using the Laravel Enlightn package. It is an artisan command-line tool that checks your code and provides you with actionable recommendations on improving your application’s performance, security & more.

It’s also a good practice to have a recovery plan in place, including regular backups of your application and database. This way, in the event of a compromise, you can restore your site more quickly and with less loss of data.

Hope this helps, and wishing you luck in securing your site!

Best,

Bobby

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up

Become a contributor for community

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

DigitalOcean Documentation

Full documentation for every DigitalOcean product.

Resources for startups and SMBs

The Wave has everything you need to know about building a business, from raising funding to marketing your product.

Get our newsletter

Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.

New accounts only. By submitting your email you agree to our Privacy Policy

The developer cloud

Scale up as you grow — whether you're running one virtual machine or ten thousand.

Get started for free

Sign up and get $200 in credit for your first 60 days with DigitalOcean.*

*This promotional offer applies to new accounts only.