Jump to content

Recommended Posts

Hello there,

 

anybody heard of/seen this before .. i have no idea how this is happening, but i was looking over my source code today, and noticed that at the top and the bottom of the source, there were hundreds of links that had been injected/inserted into the source code somehow.

 

now, i grabbed the files off the server and some actually had the links physically in the file, and some it was only viewable via the web browser/view source code.

 

i scanned and searched my database, it's clean.

 

how does this happen, and what can i do to prevent this from happening again?

Link to comment
https://forums.phpfreaks.com/topic/133941-php-file-spam-injection/
Share on other sites

thanks for the reply...

 

thing is, i wouldn't even know where to begin when trying to give you guys some examples .. i can't figure out a point of entry for such an attack .. like i said, there is nothing stored in the database, and i've thoroughly scanned all directories for any suspicious files and such.

 

i'm stumped, and very worried .. apparently these kinds of incidents can get you blacklisted from Google, etc...

^i did just changed hosting companies a few days ago to HostGator.com .. seemed like a reputable gig.

 

If you want, you could link us to the live site and we could try to find the hole.

my site is www.transcanadarentals.com .. it's been an ongoing project of mine for years now .. but just recently, i've really tried to buckle down and get going on it.

Most likely someone broke your FTP Password and just uploaded the changes.

 

Some content can be pulled in via javascript (hence "only viewable via the web").

 

Use a stronger password and check for vulnerabilities in your PHP Application (I'm guessing you didn't write it, so check the developer's site for news/info).

Most likely someone broke your FTP Password and just uploaded the changes.

 

Some content can be pulled in via javascript (hence "only viewable via the web").

 

Use a stronger password and check for vulnerabilities in your PHP Application (I'm guessing you didn't write it, so check the developer's site for news/info).

i wrote that entire site from scratch.  like i said, it's been an ongoing project for quite some time now.

 

thanks for the FTP tip .. i'll definately check into that.

 

i'm just gonna have to go back over my forms .. i have captcha set up on a couple of the forms, but not all .. these web bots feed on unprotected forms.

 

thanks for the feedback(Y)

Hrmmm....  Do any of your pages write files?  Someone could've exploited a page to write a file.  When I suggested posting the link, I didn't realize it was such a large site.  Usually such problems are found on smaller sites x.x.

ya, it's a pretty large site:S

 

and no, no page writes any file(s) .. no pages contain write permissions either.

One common security hole of dynamically generated sites is to use a php include statement to include pages/content based on a GET parameter, but there is no validation of the value and this allows external raw php code to be included from a hackers site and executed on your server. This included code can do anything that your script can do. Doing anything like -

 

include $_GET['some_parameter_on_the_end_of_the_url'];

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.