Our site was recently hacked by someone using GETs and POSTs. Somehow they uploaded a file called paypal.zip and proceeded to unzip it into a folder. It appears from the raw access logs that they included other URLs in the URL for my page; they seemed to use this to unzip the file and write other files?
I don’t really know how hackers do this, but I was wondering if there is a way (htaccess?) to automatically run a script when anyone accesses my site? I thought I could check for bad words in the request—e.g. paypal, chdir, upload, bankamerica, etc.—and then redirect if I find a possible attack. Any suggestions?
Are there any Pear (or other) security packages that can be set to run on each hit on the site? My web host suggested PHPIDS. Are there any others that would handle such attacks?
Thanks
