One of the websites I host got hacked. I'm kind of amused this time because I've never been hacked before, and the hackers were rather friendly in that they didn't destroy anything. However, I'd prefer this doesn't happen again (obviously). The hackers were able to install a PHP program called nsTView v.2.0 on the domain and gained control of the domain through that. I'm pretty sure they were able to do this by token of the fact that the folder into which they installed nsTView is chmod 777.

I need you to:
1) Reconstruct for me in clear English the process they likely followed to find my vulnerabilities and exploit them.
2) Tell me what process they used to upload the nsTView.

THEN, I need you to modify my simple filebrowser program that currently requires the hacked folder to be chmod 777. So, this is a) tracking down my vulnerabilities; b) fixing them and the PHP application I currently use that has opened these exploits.

1) Complete and fully-functional working program(s) in executable form as well as complete source code of all work done.
2) Deliverables must be in ready-to-run condition, as follows (depending on the nature of the deliverables):
a) For web sites or other server-side deliverables intended to only ever exist in one place in the Buyer's environment--Deliverables must be installed by the Seller in ready-to-run condition in the Buyer's environment.
b) For all others including desktop software or software the buyer intends to distribute: A software installation package that will install the software in ready-to-run condition on the platform(s) specified in this bid request.
3) All deliverables will be considered "work made for hire" under U.S. Copyright law. Buyer will receive exclusive and complete copyrights to all work purchased. (No GPL, GNU, 3rd party components, etc. unless all copyright ramifications are explained AND AGREED TO by the buyer on the site per the coder's Seller Legal Agreement).
PHP, Linux Box