It's hard to say without having access to the code + server. It could be an insecure form (that allowed them to upload a PHP file). Or that the server allowed FTP access (and they managed to crack the credentials). There are of course more possible entry points.
Help with PHP File Injection Redirect Via Eval and Base 64 Decode Hack
I'm running Laravel 5.5 on a custom application I wrote about 3 years back. Today I got a call from the client saying they're being redirected to a malicious site upon clicking the login button.
I see on the server there are a bunch of "haccess" (nope, not "htaccess") php files scattered in different directories throughout.
Inside the files there's an eval function with base64_decode function and then a block of gibberish. I've googled and seen that this file upload hack is a thing.
I'm just at a loss for how it may have happened. I can wipe the server and push the original code, but I'd like to understand what happened and how to prevent it.
Any knowledge of this issue would be appreciated. Thanks.
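Added example, not part of the original post or of any reply: a Python scan that sweeps a web root for files like the ones described above, meaning PHP files where `eval` wraps `base64_decode` and a long encoded blob follows. The `haccess` name prefix, the extension list and the sample tree built in `demo()` are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# eval( reaching base64_decode(, allowing wrappers such as gzinflate( in between
EVAL_B64 = re.compile(rb"eval\s*\(\s*(?:@?\w+\s*\(\s*)*base64_decode\s*\(", re.I)
LONG_B64 = re.compile(rb"[A-Za-z0-9+/=]{200,}")  # the "block of gibberish"
PHP_EXT = (".php", ".phtml", ".php5", ".inc")


def scan_tree(root):
    """Return {relative_path: [reasons]} for suspicious PHP files under root."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(PHP_EXT):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read(2_000_000)  # cap bytes read per file
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            reasons = []
            if EVAL_B64.search(data):
                reasons.append("eval(base64_decode(...))")
            if LONG_B64.search(data):
                reasons.append("long base64 blob")
            if name.lower().startswith("haccess"):  # assumed naming, per the post
                reasons.append("file name seen in this incident")
            if reasons:
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                findings[rel] = reasons
    return findings


def demo():
    """Scan a constructed sample tree (harmless payload: repeated 'ABC')."""
    samples = {
        "public/index.php": b"<?php require __DIR__.'/../bootstrap/app.php';",
        "public/img/haccess.php": b"<?php eval(base64_decode('" + b"QUJD" * 60 + b"'));",
        "public/wrapped.php": b"<?php @eval (gzinflate(base64_decode($x)));",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(body)
        return scan_tree(root)
```

Call `scan_tree()` on the deployed application directory and treat each hit as a lead to review. Obfuscation that avoids these two patterns is better caught by diffing the tree against a clean checkout of the original code.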