Without looking at your code it's hard to tell. A couple of things to worry about with PHP and security:

1.) Is register_globals on?  If so, might be good to turn it off (though it'll probably break your scripts).

2.) Make sure you validate EVERYTHING that comes in from the web, even stuff from <SELECT> lists.  If you are expecting an email address from a form, make sure that's what you get using regular expressions.  

3.) If you are passing data into a database via SQL, make sure you properly handle quotes, HTML chars, etc.

Josh

On Sun, 23 Nov 2003 17:50:39 -0600
Erick Stohr <erick at nixbrain.com> wrote:

> Hello,
> 
> I am not sure what is going on, but every month or so one of my php 
> scripts on a site I am working on gets "cracked" or something, the one 
> page/script turns into all of my other php scripts on the site and a 
> bunch of gibberish between each page included.
> 
> I am not sure if it happens locally, or on the development server which 
> is the only thing on the net live, I am assuming locally because I never 
> download from the development server. I am running php-4.3.2 locally.
> 
> Also, a question that should probably be for the main list, I am behind 
> a Linksys wireless router and do not have a firewall up on my Linux 
> machine but recently recompiled the kernel for iptables, I should 
> probably put one up on my Linux box right? I used to use IPCHAINS and 
> have been lazy and not taken the time to learn iptables, I know where 
> the HOWTO is, but I guess my question is how easy is it to crack the 
> router and get into my internal? I have run chkrootkit and all seems 
> fine. Thanks.
> 
> Erick
> 
> -- 
> Erick Stohr
> Burnsville, MN
> 612-554-8287
> erick at enrwebdev.com
> erick at nixbrain.com
> 
> 
> _______________________________________________
> tclug-devel mailing list
> tclug-devel at mn-linux.org
> https://mailman.real-time.com/mailman/listinfo/tclug-devel
> 
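
An added example, not part of the original thread: points 2 and 3 from the reply above, written for current PHP (7 or later) with the PDO SQLite driver. The form fields (`email`, `name`, `plan`), the list of plans and the `signups` table are hypothetical, and bound parameters stand in for manual quote handling.

```php
<?php
// Constructed example: form fields, the plan list and the table are hypothetical.
const ALLOWED_PLANS = ['basic', 'pro', 'team'];   // the <SELECT> options the form offers

// Return cleaned values, or throw if anything is not what the form should send.
function validate_signup(array $in): array
{
    foreach (['email', 'name', 'plan'] as $field) {
        // Arrays can arrive where a string is expected (email[]=x), so check the type.
        if (!isset($in[$field]) || !is_string($in[$field])) {
            throw new InvalidArgumentException("missing or non-string field: $field");
        }
    }
    // Conservative pattern; \z instead of $ so a trailing newline is rejected.
    $pattern = '/\A[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+\z/';
    if (strlen($in['email']) > 254 || !preg_match($pattern, $in['email'])) {
        throw new InvalidArgumentException('bad email');
    }
    if ($in['name'] === '' || strlen($in['name']) > 100) {
        throw new InvalidArgumentException('bad name');
    }
    // A <SELECT> only limits what the browser shows; the request can carry any value.
    if (!in_array($in['plan'], ALLOWED_PLANS, true)) {
        throw new InvalidArgumentException('bad plan');
    }
    return ['email' => $in['email'], 'name' => $in['name'], 'plan' => $in['plan']];
}

function save_signup(PDO $db, array $clean): void
{
    // Bound parameters: a quote in the data is stored as data, never parsed as SQL.
    $stmt = $db->prepare('INSERT INTO signups (email, name, plan) VALUES (?, ?, ?)');
    $stmt->execute([$clean['email'], $clean['name'], $clean['plan']]);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE signups (email TEXT, name TEXT, plan TEXT)');

// Constructed requests: a name containing a quote, a plan not in the list, a malformed email.
$requests = [
    ['email' => 'pat@example.org', 'name' => "Pat O'Brien", 'plan' => 'pro'],
    ['email' => 'pat@example.org', 'name' => 'Pat', 'plan' => 'enterprise'],
    ['email' => 'not-an-address', 'name' => 'Pat', 'plan' => 'basic'],
];
foreach ($requests as $req) {
    try {
        save_signup($db, validate_signup($req));
        // Escape HTML characters at output time, when the value goes into a page.
        echo 'stored: ', htmlspecialchars($req['name'], ENT_QUOTES), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```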
