Thread: site source looks like it was stolen, what to do?

  1. #1 SitePoint Enthusiast (original poster)

    site source looks like it was stolen, what to do?

    I found a site by chance in my web analytics referrer report, and it turned out to be a complete reproduction (with some minor color changes) of a custom written php application I created and run. Playing around with it, it seems like they managed to download all the source files from the server (since it reproduces certain behaviors/bugs only I would know about by fiddling with the query string).

    So I obviously have a security issue, but I'm no security expert, and really have no idea what my first steps should be. Any help or a pointer in the right direction would be much appreciated. Thanks.

  2. #2 Mittineague (Programming Team)
    You could contact the site's host and ask them to take it down. (Try civil politeness first.) If that fails, report the site to Google and file a DMCA.

    If you can afford a lawyer, talk to one.

  3. #3 SitePoint Enthusiast (original poster)
    I should have mentioned, the site runs out of South Africa, so I don't know if I'd have much success with legal action. Seems like the best I can do is secure the server for the future.

  4. #4 Mittineague (Programming Team)
    If they actually have the source and not simply the output, then definitely check your folder/file permissions. But you can still try the nice way and file if that fails. It may not be possible to wage a legal battle and "win" recompense, but you can do your best to take the site down.

  5. #5 SitePoint Enthusiast (original poster)
    Thanks. One thing I've read is the suggestion to move all app logic outside of the docroot. Right now it all resides in the docroot. How big of a security issue is that?

  6. #6 Mittineague (Programming Team)
    AFAIK, if the permissions are restrictive enough it's generally OK to have them under the root. But there may be ways I'm unaware of as I'm not a cracker. Having scripts (especially "sensitive" ones) outside of the root and "including" them is another layer of security that is a wise thing to do. That way they can't be accessed by HTTP or FTP, only by other files on the server.

  7. #7 tuxus (SitePoint Addict)
    Quote Originally Posted by Mittineague:
    AFAIK, if the permissions are restrictive enough it's generally OK to have them under the root. But there may be ways I'm unaware of as I'm not a cracker. Having scripts (especially "sensitive" ones) outside of the root and "including" them is another layer of security that is a wise thing to do. That way they can't be accessed by HTTP or FTP, only by other files on the server.
    Correct on the concept, but usually the FTP user on shared hosting can view above their web root, hence the use of SFTP and strong passwords. Storing include files above the web root protects you from a couple of things: first of all, as mentioned, permission errors, which I see often even from more experienced admins; secondly, if something happens and PHP stops parsing files, anything in the webroot will be served in plaintext (or the viewer will get a download prompt for the file). This may seem unlikely, but it can easily happen during an upgrade and in a few other situations. I've actually seen this happen with some larger sites as of late. Similar can be done with .htaccess rules as well.
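The three things posts #4, #6 and #7 ask you to check (loose file permissions, include files sitting inside the docroot, and an .htaccess stopgap for files that the web server would hand out verbatim if PHP stopped parsing them) can be audited with a short script. The one below is an added example, not code from anyone in this thread. It assumes a POSIX shell with find and awk, and Apache 2.4 with AllowOverride enabled for the .htaccess part; the list of suffixes it treats as leak-prone is this example's guess at what commonly ends up in a PHP docroot, so extend it for your own app.

```shell
#!/bin/sh
# Added example (not from the thread): audit a PHP docroot for loose
# permissions and for include/backup files that the web server would
# serve as plain text if PHP stopped parsing, then drop a stopgap
# .htaccess that denies direct access to them.
# Assumptions: POSIX sh + find/awk; Apache 2.4 with AllowOverride on.
# The suffix list below is an assumption of this example, not a standard.

# list_plaintext_leaks DIR: files under DIR that PHP never parses, so a
# direct request returns their contents verbatim (config includes, editor
# and deploy leftovers, database dumps).
list_plaintext_leaks() {
    find "$1" -type f \( -name '*.inc' -o -name '*.bak' -o -name '*.orig' \
        -o -name '*.old' -o -name '*.sql' -o -name '*.swp' -o -name '*~' \
        -o -name '*.php.*' \) | sort
}

# count_plaintext_leaks DIR: same, as a bare number (awk avoids the
# whitespace-padded output some wc implementations produce).
count_plaintext_leaks() {
    list_plaintext_leaks "$1" | awk 'END { print NR }'
}

# list_world_writable DIR: files and directories any local user (including
# another tenant's scripts on shared hosting) can modify. The mode test is
# the POSIX octal form: -002 means "others have write".
list_world_writable() {
    find "$1" -perm -002 | sort
}

count_world_writable() {
    list_world_writable "$1" | awk 'END { print NR }'
}

# write_htaccess DIR: deny direct HTTP access to the leak-prone suffixes.
# This is a stopgap for files you cannot move yet; the real fix is to keep
# them outside the docroot and require() them by filesystem path.
write_htaccess() {
    cat > "$1/.htaccess" <<'EOF'
# Deny direct requests for include, backup and dump files (Apache 2.4 syntax).
<FilesMatch "\.(inc|bak|orig|old|sql|swp)$|~$|\.php\.[^.]+$">
    Require all denied
</FilesMatch>
EOF
}

# audit_docroot DIR: human-readable report of the above.
audit_docroot() {
    echo "== files that would be served as plain text under $1 =="
    list_plaintext_leaks "$1"
    echo "== world-writable paths under $1 =="
    list_world_writable "$1"
    if [ -f "$1/.htaccess" ]; then
        echo "== $1/.htaccess is present; check it covers the files listed above =="
    else
        echo "== no .htaccess in $1 (run: write_htaccess $1) =="
    fi
}

# Usage: sh audit_docroot.sh /var/www/html
if [ $# -gt 0 ]; then
    audit_docroot "$1"
fi
```

Run it against the docroot on a copy of the server first; anything it lists under "served as plain text" is a file a visitor can fetch today by typing its URL, and anything under "world-writable" is a file another account on the same box can overwrite. The .htaccess it writes only covers the named suffixes, so it is a safety net for the upgrade-window failure tuxus describes, not a replacement for moving the includes above the web root.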
