Is my apache/php server being hacked?
August 27, 2012 7:30 PM Subscribe
I have a simple php script. A few times a day, some user has reported that he is seeing the php source code. I can't reproduce it. But I was able to see the source as it appeared on their screen, and there is a weird anomaly.
posted by peter_meta_kbd to technology (15 answers total)
In the source on the page displayed to them, the <?php tag at the beginning of the file ended up on his computer with <!--?php put in there. So apache was thinking it should not be executed. The file doesn't do anything complicated. On the disk when I look at the php file in the live html directory it just looks normal: starts with <?php So somehow, something is adding in the !-- either by mistake or on purpose. This only has happened a few times out of maybe 200,000 pageviews as far as has been reported to me, but 2 of them were by different users in different continents. The only thing that I can tell you is the uncanny coincidence is that all 3 users who reported it are using the chrome browser. When they switch to any other browser, they could not reproduce it. When I got them to delete all cached files on their computer, they could not reproduce it again either. But I got the screenshots, and I know it happened. Am I being hacked or is this some kind of bug?
I also recently added all my files to git (within a day of this beginning to happen) but doing a bunch of diffs, I cannot find any significant difference at all, whatsoever.
Thanks for your insight.