Posted by:
ess
(---.cable.ubr06.stav.blueyonder.co.uk)
One of the website I have, have been hacked into.
Likely the hacker didn't bring the website down, but left a file on the server which enabled him to execute commands, read all drives on the server (including private files) etc.
My question:
Is there a way to prevent PHP from read directories or accessing files outside the website root. I know that I could add the following line in VirtualHost entry, but I do not have access to the http.config file, and obviously cannot much about it.
php_admin_value open_basedir "~/public_html/"
I have contacted my hosting company already, but no replies from them since last week when the website was hacked into.
If there is away to solve this problem, please let me know.
Thanks