PHP file spam injection


mrMarcus

Hello there,

anybody heard of/seen this before .. i have no idea how this is happening, but i was looking over my source code today, and noticed that at the top and the bottom of the source, there were hundreds of links that had been injected/inserted into the source code somehow.

now, i grabbed the files off the server and some actually had the links physically in the file, and some it was only viewable via the web browser/view source code.

i scanned and searched my database, it's clean.

how does this happen, and what can i do to prevent this from happening again?


thanks for the reply...

thing is, i wouldn't even know where to begin when trying to give you guys some examples .. i can't figure out a point of entry for such an attack .. like i said, there is nothing stored in the database, and i've thoroughly scanned all directories for any suspicious files and such.

i'm stumped, and very worried .. apparently these kinds of incidents can get you blacklisted from Google, etc...

^i did just change hosting companies a few days ago to HostGator.com .. seemed like a reputable gig.

If you want, you could link us to the live site and we could try to find the hole.

my site is www.transcanadarentals.com .. it's been an ongoing project of mine for years now .. but just recently, i've really tried to buckle down and get going on it.

Most likely someone broke your FTP Password and just uploaded the changes.

Some content can be pulled in via javascript (hence "only viewable via the web").

Use a stronger password and check for vulnerabilities in your PHP Application (I'm guessing you didn't write it, so check the developer's site for news/info).

i wrote that entire site from scratch.  like i said, it's been an ongoing project for quite some time now.

thanks for the FTP tip .. i'll definitely check into that.

i'm just gonna have to go back over my forms .. i have captcha set up on a couple of the forms, but not all .. these web bots feed on unprotected forms.

thanks for the feedback(Y)

Hrmmm....  Do any of your pages write files?  Someone could've exploited a page to write a file.  When I suggested posting the link, I didn't realize it was such a large site.  Usually such problems are found on smaller sites x.x.

ya, it's a pretty large site:S

and no, no page writes any file(s) .. no pages contain write permissions either.

One common security hole of dynamically generated sites is to use a php include statement to include pages/content based on a GET parameter, but there is no validation of the value and this allows external raw php code to be included from a hacker's site and executed on your server. This included code can do anything that your script can do. Doing anything like -

include $_GET['some_parameter_on_the_end_of_the_url'];
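
Added example (not part of the thread and not the poster's code): the include pattern described in the last post, next to an allowlist-based replacement. The `page` parameter name, the `PAGES` map, the `pages/` directory and `resolve_page()` are hypothetical names chosen for illustration.

```php
<?php
// Added example; page keys, file names and the pages/ directory are hypothetical.

// Pattern described in the post: the request value is handed straight to include.
//   include $_GET['page'];
// With allow_url_include=Off (the PHP default) include refuses http:// URLs,
// but the same parameter can still reach local files, so the value must
// never be used as a path at all.

// Hardened form: the request value only selects a key in a fixed map.
const PAGES = [
    'home'     => 'home.php',
    'listings' => 'listings.php',
    'contact'  => 'contact.php',
];

function resolve_page(array $query, string $baseDir): ?string
{
    $key = $query['page'] ?? 'home';

    // Reject arrays (?page[]=x) and any key that is not in the map.
    if (!is_string($key) || !isset(PAGES[$key])) {
        return null;
    }

    // Defence in depth: the resolved file must exist and sit inside $baseDir,
    // which also catches a symlink pointing outside the directory.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . PAGES[$key]);
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }

    return $path;
}

$file = resolve_page($_GET, __DIR__ . '/pages');
if ($file === null) {
    http_response_code(404);
    exit('Page not found');
}

include $file;
```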
