Hacker Problem on my 1and1 Site

[dmonster05]

Hi,

I have an account with 1and1.com and my web page uses php.  Lately I have been attacked by a hacker, and when I sent an email to 1and1 support, they told me to look at some patches for my php scripts, since I use index.php.  Can anyone help me out? It is really frustrating to me so please help if you can.

 

Thank you,

dmonster05

[proggR]

Odds are I can't help but could you elaborate on whats being attacked?

[dmonster05]

my site is www.e-montanez.com

 

My index page was replaced with the hackers signature twice, and this most recent time, everything I had on the server was erased.

[revraz]

No one can help you with anything unless you post your code.

 

Is this your own code or 3rd party?

[dmonster05]

It is mine, and I believe I have found a solution.

 

the code I was using was

 

if (!empty($page)) {

include("$page");

}

else {

include('base.html');

}

 

and it was reading page from the navigation bar.

 

 

i have put a check on page now for only my pages, by creating an array and checking if it is in the array.

 

$pages = array('base.html', 'shirts.html', 'web_design.html', 'slide_show.html', 'about.html', 'contact.html');

 

$page = $_GET['page'];

 

if( in_array($page, $pages) )

...

 

Does this seem like a good solution?

[discomatt]

Yes, much better. Don't forget to change all your passwords.

 

Is register_globals on in PHP? If so, turning that iff would help significantly