Recently on one of my client's servers running Apache and PHP, I have noticed a bunch of random files which were placed throughout every folder on the website. They are named with random numbers such as 205492.php.
There are also .htaccess files which have been placed along with these randomly numbered files. My host tells me it's the client's upload script in PHP, but the owner/group of the files is set to httpd. I think this means it's the Apache daemon which placed the files here. The creation times of these files are all set to the exact same timestamp.
There are a lot of CURL and base64_encode functions throughout the random PHP file. I did notice the person who built my client's website had set chmod to 777 on the entire folder. I've since changed it to 755, thinking that could have been the problem.
I am wondering if anyone has heard of something like this before and if anyone has any suggestions. Thanks a lot for your time.
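A read-only triage sketch for the symptoms described in the question above (numerically named .php files containing cURL/base64 calls, .htaccess files beside them, identical timestamps, world-writable folders). It is an added example, not code from the original post or its answer; the function names, the 1 MiB read cap and the sample tree are assumptions, and it compares modification times as an assumption about which timestamp the post means.

```python
import os, re, stat, tempfile
from collections import defaultdict

NUMERIC_PHP = re.compile(r"^\d+\.php$")                      # e.g. 205492.php
SUSPECT = re.compile(rb"\b(?:curl_\w+|base64_(?:en|de)code)\s*\(", re.I)

def triage(webroot):
    """Walk webroot and return findings that match the symptoms in the question."""
    found = {"dropped": [], "htaccess": [], "world_writable": [], "same_mtime": {}}
    by_mtime = defaultdict(list)
    for dirpath, _dirs, files in os.walk(webroot):
        if stat.S_IMODE(os.lstat(dirpath).st_mode) & stat.S_IWOTH:
            found["world_writable"].append(dirpath)           # the chmod 777 case
        hits = []
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            if not NUMERIC_PHP.match(name) or os.path.islink(path):
                continue
            with open(path, "rb") as fh:
                body = fh.read(1 << 20)                       # cap the read at 1 MiB
            if SUSPECT.search(body):
                hits.append(path)
                by_mtime[int(os.lstat(path).st_mtime)].append(path)
        found["dropped"] += hits
        if hits and ".htaccess" in files:                     # sits beside a flagged file: review it
            found["htaccess"].append(os.path.join(dirpath, ".htaccess"))
    found["same_mtime"] = {t: p for t, p in by_mtime.items() if len(p) > 1}
    return found

def demo():
    """Build a constructed sample tree (not data from the post) and triage it."""
    with tempfile.TemporaryDirectory() as root:
        payload = b"<?php $c = curl_init(); echo base64_encode('x');"
        layout = {"a/205492.php": payload, "a/.htaccess": b"# constructed",
                  "b/118230.php": payload, "b/2020.php": b"<?php echo 1;",
                  "index.php": b"<?php $c = curl_init();"}
        for rel, data in layout.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
            os.utime(path, (1500000000, 1500000000))          # identical timestamps
        os.chmod(os.path.join(root, "a"), 0o777)              # world-writable folder
        os.chmod(os.path.join(root, "b"), 0o755)
        result = triage(root)
        return {k: ([os.path.relpath(p, root) for p in v] if isinstance(v, list)
                    else {t: len(p) for t, p in v.items()}) for k, v in result.items()}

if __name__ == "__main__":
    print(demo())
```

A legitimate `index.php` that calls cURL and a numeric file without those calls are both left unflagged; only the combination of name pattern and content is reported.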
Best Answer
Not only bad or average PHP programmers but, quite often, good ones too forget about security goals.
Although it's not carved in stone, hacking sites can be made way more difficult by introducing some rules.
A simple sendmail wrapper: