
premjith's avatar

Laravel | Malware issue

Hi,

I am facing a malware attack on my server. Hackers are uploading malicious files to my Laravel folders. I changed the vendor folder write permissions in the file manager, but the issue is not solved yet. I am facing the issue only in my Laravel folder.

Current version: 5.3.31

How can I solve this issue? Can anyone help me, please?

0 likes
25 replies
bobbybouwmann's avatar

Are you using shared hosting? How do you have your files on the server?

grubi's avatar

Already changed passwords for FTP and SSH?

AntLusher's avatar

Dedicated or VPS? Close your SSH ports to the world, and add your IP. You will probably have a file deep in a dir that's spawning more files. Could be your frontend too. Some dodgy JS that's been written via PHP.

I would check your db too.

Snapey's avatar

Hopefully the public folder is your document root and your .env is not accessible?

jlrdw's avatar

What company is hosting your server, and have others been attacked as well, or is it isolated to you?

And I hope you have some good backups, if that's the case I would use one well before the attack.

I would also check all the database records from a day or two before the attack all the way to the end. But hopefully you were using Blade and validating your data. Blade automatically uses htmlspecialchars.

Just a suggestion.

Snapey's avatar

Don't try fixing it; blow it all away and redeploy.

premjith's avatar

@antlusher Dedicated server. We are using the Laravel framework for the admin panel. We have no frontend. Hackers are uploading malicious files in public_html and subfolders.

premjith's avatar

@snapey Yes, and the .env file is hidden on the server. After the attack, we removed all files on the server and uploaded backup files. But every morning hackers are uploading malicious files (malicious index.php, wp_admin WordPress folders) to my server.

[ Sorry for my bad English ]

Snapey's avatar

How have you deployed Laravel? Why do you mention a public_html folder? Laravel has no such folder.

premjith's avatar

@snapey public_html -> server root folder. Under this folder, we uploaded all Laravel files.

premjith's avatar

@bobbybouwmann We already discussed this issue with the server team. The server team says that they are looking into this issue, but the issue is not solved yet.

Hackers are uploading malicious files daily in all subfolders. We need to block the uploading of these files. (In our code, we are not using a file upload feature or any other upload feature.)

bobbybouwmann's avatar

The fact that they have access to the server is the biggest problem here. You need to block this on server level. You can't block this on application level.

Anyway, the support team should be able to protect the server with SSH access only for the time being to solve this, right?

mgdev's avatar

@premjith Have you solved the issue? We faced the same issue: wp-admin, wp-include, and some unknown PHP files being uploaded. Laravel version is 7.

We empty the public_html folder and the files are generated again.

Snapey's avatar

@mgdev why do you even have a public_html folder? I don't see that as part of the framework....

premjith's avatar

@mgdev I had the same problem on my dedicated server. It had Laravel along with WordPress.

What I did was set all file permissions to 0555 inside the server's public_html folder (disabled file write permission). Then my problem was solved.

1 like
Snapey's avatar

Sounds like you put all your project files in the web server document root. This is not what you should do, and being hacked is what every post on the subject will tell you will happen.

Only the public folder should be published by your web server.

3 likes
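
The deployment point made in this thread (only Laravel's public folder should be the web server's document root) can be checked on the server with a short script. This is an added example, not code posted by anyone in the thread; the function name, the output labels and the two-day look-back default are assumptions, and it assumes a Laravel-only document root with no legitimate WordPress install.

```shell
#!/bin/sh
# Added example (not from the thread): audit a web server document root.
# Assumption: a correctly deployed Laravel app publishes only its public/
# folder, so none of the project files below should exist inside it.

audit_docroot() (
    root=$1
    days=${2:-2}    # look-back window, in days, for modified PHP files
    [ -d "$root" ] || { echo "not a directory: $root" >&2; exit 2; }
    status=0

    # 1. Project files and folders that belong one level above the document root.
    for item in .env artisan composer.json vendor storage app config; do
        if [ -e "$root/$item" ]; then
            echo "EXPOSED $item"
            status=1
        fi
    done

    # 2. WordPress-style directories like the wp-admin drops reported in the thread.
    dropped=$(find "$root" -type d \( -name 'wp-*' -o -name 'wp_*' \) -print)
    # 3. PHP files modified inside the look-back window (review each one by hand).
    recent=$(find "$root" -type f -name '*.php' -mtime "-$days" -print)

    if [ -n "$dropped" ]; then
        echo "$dropped" | sed 's/^/UNEXPECTED_DIR /'
        status=1
    fi
    if [ -n "$recent" ]; then
        echo "$recent" | sed 's/^/RECENT_PHP /'
        status=1
    fi
    exit "$status"    # 0 = nothing flagged, 1 = findings, 2 = bad argument
)

# Direct use: sh audit_docroot.sh <docroot> [days]
if [ "$#" -gt 0 ]; then audit_docroot "$@"; fi
```

A freshly deployed index.php will show up as RECENT_PHP once; after that, any new entry is a file to inspect.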
