Question on how i got hacked

perezf · September 8, 2006

hello my website got hacked >:( and i was told they did this using a post in php
they wrote a file to my server directory they added an index.html to it
how was that possible and how can i stop it
i was told it was a php script

Nhoj · September 8, 2006

Can we get a live preview of your website to take a better look?

perezf · September 8, 2006

its not in hacked state anymore
but http://2fr3sh.com

trq · September 8, 2006

There would be many different ways of doing this. You yourself are using php on your server I assume? Are you using switches with include statements per chance? If so, are you validating your includes beforehand?

perezf · September 8, 2006

yes i am using switches and what do u mean when you ask if i am validating my includes

extrovertive · September 8, 2006

http://www.2fr3sh.com/index.php?page=Pricing

Perhaps they hacked you after seeing this page and the rates

j/k...Anyways, was this through a form? What chmod do you have for the folder thy hack? Most likely, it's someone who's familar with the structure of your website.

perezf · September 8, 2006

yes and i havent check the folder settings i should check that give me a sec

perezf · September 8, 2006

all the write options are disabled to the folders and do y0u think the rates are to high

perezf · September 8, 2006

lol

.josh · September 8, 2006

you are going to have to post the code that has your form, as well as the script that processes it, if that's a seperate script, if you want anybody to give you any kind of real answer.

and also, your thread seems to have devolved into a website critique worthy thread. stay on topic or this will be moved there.

redarrow · September 8, 2006

I see the problam your using the $_GET statement on all pages are you?

and bye the way in essance getting hacked is a terrorable thing but is also a very common thing in computer programming the best way to acheve good results is to valadate all infromation and beetend your the hacker and try and hack your own php codes then add harsh condition to slow the hacking down.

it is really hard to stop hacking on any websight the hacker will always get in but try adding lots of valadations.

good luck.

if so the correct conditein is to valadate the $_GET coditeion like so.

the proper coreect link format.
[code]
<?
echo"< a href='index.php?page=home'>Go to home page</a>";
?>
[/code]

a $_GET with a url condition if page=="home" got there else dont.
[code]
<?php
if($_GET['page']=="home"){
header("location: index.php");
exit;
}
?>
[/code]

Sign In

Question on how i got hacked

Recommended Posts

perezf

Link to comment

Share on other sites

Nhoj

Link to comment

Share on other sites

perezf

Link to comment

Share on other sites

trq

Link to comment

Share on other sites

perezf

Link to comment

Share on other sites

extrovertive

Link to comment

Share on other sites

perezf

Link to comment

Share on other sites

perezf

Link to comment

Share on other sites

perezf

Link to comment

Share on other sites

.josh

Link to comment

Share on other sites

redarrow

Link to comment

Share on other sites

Join the conversation

Browse

Activity

Important Information