We recently had a website hacked, where some PHP code was injected into the index.php file that looked something like:
eval (gzinflate(base64_decode('s127ezsS/...bA236UA1')));
The code was causing another PHP file (cnfg.php) to be included, which was causing some pharmaceutical-related spam to be displayed (but only visible to googlebot et al). This looks like the pharma hack for WordPress, except we're not running WordPress. The code has since been removed, but I'd like to prevent such occurrences from happening in the future.
I realize this is a pretty broad problem and there could be a myriad of security holes which could be responsible, but thought I'd put this out there in case anyone has had experience with such a problem in the past.
What are some potential security holes that would allow these PHP files to be uploaded? And what can I do to prevent this from happening in the future?
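Whatever the entry point turns out to be, two things help a defender here: noticing when a served file changes, and being able to read what an eval(gzinflate(base64_decode(...))) wrapper hides without running it. The following Python is an added example, not code from the question or the site involved; the tampered index.php, the cnfg.php include inside it and the baseline hashes are all constructed here (the real payload is not reproduced). It decodes the wrapper the same way PHP would (base64, then raw DEFLATE, which is what gzdeflate()/gzinflate() use) but never executes the result, and it reports files whose hash no longer matches a known-good list.

```python
from __future__ import annotations

import base64
import hashlib
import re
import zlib

# --- constructed fixtures ---------------------------------------------------
# Hypothetical body of the injected code: the question only says it pulled in
# cnfg.php, so that is all we put inside the wrapper.
INJECTED_PAYLOAD_SOURCE = "include('cnfg.php');"


def pack_like_wrapper(php_source: str) -> str:
    """Produce the base64(gzdeflate(src)) text that gzinflate(base64_decode()) reverses.

    Used here only to build the sample file offline. PHP's gzdeflate() emits a
    raw DEFLATE stream with no zlib header, hence wbits=-15.
    """
    compressor = zlib.compressobj(level=9, wbits=-15)
    raw = compressor.compress(php_source.encode()) + compressor.flush()
    return base64.b64encode(raw).decode()


CLEAN_INDEX_PHP = "<?php echo 'Welcome'; ?>\n"
# Same shape as the snippet in the question: wrapper prepended to a normal file.
TAMPERED_INDEX_PHP = (
    "<?php eval (gzinflate(base64_decode('"
    + pack_like_wrapper(INJECTED_PAYLOAD_SOURCE)
    + "'))); ?>\n"
    + CLEAN_INDEX_PHP
)

# --- 1. decode (never execute) the obfuscation wrapper ----------------------
EVAL_WRAPPER = re.compile(
    r"eval\s*\(\s*gzinflate\s*\(\s*base64_decode\s*\(\s*'([A-Za-z0-9+/=]+)'\s*\)\s*\)\s*\)"
)


def find_obfuscated_evals(php_source: str) -> list[str]:
    """Return the PHP hidden inside each eval(gzinflate(base64_decode('...'))) call.

    The payload is decoded for inspection only; nothing here evaluates it.
    """
    decoded = []
    for match in EVAL_WRAPPER.finditer(php_source):
        raw = base64.b64decode(match.group(1))
        decoded.append(zlib.decompress(raw, wbits=-15).decode(errors="replace"))
    return decoded


# --- 2. integrity check against a known-good hash list ----------------------
def sha256_of(text: str) -> str:
    return hashlib.sha256(text.encode()).hexdigest()


def changed_files(baseline: dict[str, str], current: dict[str, str]) -> list[str]:
    """Report deployed files that are new or whose hash differs from the baseline."""
    return sorted(
        path for path, content in current.items()
        if baseline.get(path) != sha256_of(content)
    )


# Baseline recorded from a clean deployment (constructed: only index.php here).
BASELINE = {"index.php": sha256_of(CLEAN_INDEX_PHP)}
DEPLOYED = {"index.php": TAMPERED_INDEX_PHP, "cnfg.php": "<?php /* dropped file */ ?>"}

if __name__ == "__main__":
    for path in changed_files(BASELINE, DEPLOYED):
        print(f"[!] {path} differs from baseline")
        for hidden in find_obfuscated_evals(DEPLOYED[path]):
            print(f"    hidden code: {hidden}")
```

Run as a cron job against the webroot with a baseline taken right after a clean deploy, the hash comparison flags both the edited index.php and the newly dropped cnfg.php; the decoder then shows what the wrapper would have run, which is usually enough to tell a defacement include from a full webshell. Nested wrappers (an eval inside the decoded text) can be handled by calling find_obfuscated_evals again on each result.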
For this problem: http://www.eukhost.com/forums/f42/disabling-dangerous-php-functions-6020/
If your code uses eval(), you really need to sanitize user input: see "What's the best method for sanitizing user input with PHP?" and http://www.owasp.org/index.php/Category:Input_Validation
For more security: http://www.owasp.org/index.php/Main_Page