0

Hi

Is there any way using PHP to delete everything in the public_html directory?
Or even better everything on my server?

Im trying to impliment a backdoor into one of my websites as Im working with another developer I really don't trust much.

Thanks

5
Contributors
7
Replies
8
Views
7 Years
Discussion Span
Last Post by digital-ether
0

If you're working with a developer you don't trust much, it would probably be better if you have a development server that both can play with, and you only have access to the production server.

Or even better you can install version control software on your server and only offer access to the version control system. That way the user can commit changes to the project, and you can see what changes were made, revert them etc.

With version control, the user cannot in any way make changes on the server that you do not see.

0

I already have, this is just as a final backup as the data on that server should rather be deleted than let him have it.

How do I define a path to a folder on my server. For example on windows it would be C:/www/wamp/website/public_html/ however Im not quite sure when it comes to a server.

Also, if a php script inside public html tries to delete something like cpanel or public ftp (stuff before the public_html folder) will it work?

Many thanks for helping me here. I assure you this is causing no harm. Just putting my mind at rest!

0

Any ideas for listing the directory?

How do I define a path to a folder on my server. For example on windows it would be C:/www/wamp/website/public_html/ however Im not quite sure when it comes to a server.

0

With PHP getcwd() will give you the current directory the PHP script (process) is executing in.
http://www.php.net/manual/en/function.getcwd.php

Place a PHP script in the document root to view the full path.

You can also retrieve the document root from the server config. In apache, this is named DocumentRoot.

If you have shell access you can find this with:

1) Find the apache config file (httpd.conf)

whereis httpd

or

whereis apache

This should list the path to the apache binary, as well as the config directory.

2) If the config directory was /etc/httpd/ then the config file should be within it, usually it would be: /etc/httpd/httpd.conf or /etc/httpd/conf/httpd.conf
You can make sure with

find /etc/httpd/ | grep http\\.conf

3) Once you have the config file, search it for the DocumentRoot

grep /etc/httpd/httpd.conf DocumentRoot

As a shortcut you can put all shell commands together as:

whereis httpd | xargs find | grep \\.conf | xargs grep DocumentRoot

You can also get this value directly from PHP, as apache will supply it to PHP scripts invoked through it:

echo $_SERVER['DOCUMENT_ROOT'];

Edited by digital-ether: n/a

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.