Question on how i got hacked


10 replies to this topic

#1 perezf

perezf
  • Members
  • Advanced Member
  • 301 posts
  • Location: Fort Lauderdale

Posted 08 September 2006 - 03:06 AM

Hello, my website got hacked >:( and I was told they did this using a POST in PHP.
They wrote a file to my server directory; they added an index.html to it.
How was that possible, and how can I stop it?
I was told it was a PHP script.

#2 Nhoj

Nhoj
  • Members
  • Advanced Member
  • 223 posts
  • Location: Clearwater, FL

Posted 08 September 2006 - 03:07 AM

Can we get a live preview of your website to take a better look?
Avid PHP Developer, need some work done? Send a PM ;)

#3 perezf

perezf
  • Members
  • Advanced Member
  • 301 posts
  • Location: Fort Lauderdale

Posted 08 September 2006 - 03:08 AM

It's not in a hacked state anymore,
but http://2fr3sh.com



#4 trq

trq
  • Staff Alumni
  • Advanced Member
  • 31,041 posts

Posted 08 September 2006 - 03:09 AM

There would be many different ways of doing this. You yourself are using PHP on your server, I assume? Are you using switches with include statements, perchance? If so, are you validating your includes beforehand?

#5 perezf

perezf
  • Members
  • Advanced Member
  • 301 posts
  • Location: Fort Lauderdale

Posted 08 September 2006 - 03:10 AM

Yes, I am using switches, and what do you mean when you ask if I am validating my includes?

#6 extrovertive

extrovertive
  • Members
  • Advanced Member
  • 235 posts

Posted 08 September 2006 - 03:20 AM

http://www.2fr3sh.co...hp?page=Pricing

Perhaps they hacked you after seeing this page and the rates


j/k... Anyways, was this through a form? What chmod do you have for the folder they hacked? Most likely, it's someone who's familiar with the structure of your website.


#7 perezf

perezf
  • Members
  • Advanced Member
  • 301 posts
  • Location: Fort Lauderdale

Posted 08 September 2006 - 03:23 AM

Yes, and I haven't checked the folder settings. I should check that, give me a sec.

#8 perezf

perezf
  • Members
  • Advanced Member
  • 301 posts
  • Location: Fort Lauderdale

Posted 08 September 2006 - 03:25 AM

All the write options are disabled on the folders, and do you think the rates are too high?

#9 perezf

perezf
  • Members
  • Advanced Member
  • 301 posts
  • Location: Fort Lauderdale

Posted 08 September 2006 - 03:31 AM

lol

#10 .josh

.josh
  • Staff Alumni
  • .josh
  • 14,871 posts

Posted 08 September 2006 - 05:03 AM

You are going to have to post the code that has your form, as well as the script that processes it, if that's a separate script, if you want anybody to give you any kind of real answer.

And also, your thread seems to have devolved into a website-critique-worthy thread. Stay on topic or this will be moved there.
Did I help you? Feeling generous? Buy me lunch! 
Please, take the time and do some research and find out how much it would have cost you to get your help from a decent paid-for source. A "roll-of-the-dice" freelancer will charge you $5-$15/hr. A decent entry level freelancer will charge you around $15-30/hr. A professional will charge you anywhere from $50-$100/hr. An agency will charge anywhere from $100-$250/hr. Think about all this when soliciting for help here. Think about how much money you are making from the work you are asking for help on. No, we do not expect you to pay for the help given here, but donating a few bucks is a fraction of the cost of what you would have paid, shows your appreciation, helps motivate people to keep offering help without the pricetag, and helps make this a higher quality free-help community :)

#11 redarrow

redarrow
  • Members
  • Advanced Member
  • 7,308 posts
  • Location: london

Posted 08 September 2006 - 06:54 AM

I see the problem: you're using the $_GET statement on all pages, are you?

And by the way, in essence getting hacked is a terrible thing, but it is also a very common thing in computer programming. The best way to achieve good results is to validate all information and pretend you're the hacker and try to hack your own PHP code, then add harsh conditions to slow the hacking down.

It is really hard to stop hacking on any website; the hacker will always get in, but try adding lots of validations.

Good luck.

If so, the correct condition is to validate the $_GET condition like so.

The proper correct link format.
<?php
// Link that passes the page name in the query string
echo "<a href='index.php?page=home'>Go to home page</a>";
?>

A $_GET with a URL condition: if page=="home" go there, else don't.
<?php
// Redirect only when ?page= is present and is exactly "home"
if (isset($_GET['page']) && $_GET['page'] == "home") {
    header("Location: index.php");
    exit;
}
?>

Wish I knew all about PHP. DAMN, I will have to learn
((EMAIL CODE THAT WORKS))
http://simpleforum.ath.cx/mail2.inc
((PAYPAL INTEGRATION THAT WORKS))
http://simpleforum.a...aypal1_info.inc
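
What "validating your includes" means for a switch driven by ?page=, as an added example that is not code from any poster in this thread and not a diagnosis of the site discussed. The page names, the pages/ directory and the function resolve_page() are assumptions made up for illustration.

```php
<?php
// Added example. PAGES, resolve_page() and the pages/ paths are hypothetical.

// Unvalidated pattern, shown commented out for contrast: the request value
// is used directly as the file name, so the visitor decides what PHP loads.
//   include $_GET['page'] . '.php';

// Allowlist: the only ?page= values the site accepts, each tied to a fixed file.
const PAGES = [
    'home'    => 'pages/home.php',
    'pricing' => 'pages/pricing.php',
    'contact' => 'pages/contact.php',
];

/**
 * Return the file to include for a request, or null when the value
 * is not on the allowlist. Takes the query array so it can be tested.
 */
function resolve_page(array $query): ?string
{
    $page = $query['page'] ?? 'home';   // no parameter: default page
    if (!is_string($page)) {            // ?page[]=x arrives as an array
        return null;
    }
    // The request value is only ever a lookup key, never part of a path.
    return PAGES[strtolower($page)] ?? null;
}

// Constructed sample requests (not taken from any real log).
$samples = [
    [],
    ['page' => 'Pricing'],
    ['page' => '../secret'],
    ['page' => 'no-such-page'],
    ['page' => ['home']],
];
foreach ($samples as $query) {
    $file = resolve_page($query);
    echo json_encode($query), ' => ', $file ?? 'rejected (send 404)', PHP_EOL;
}

// Use in index.php:
//   $file = resolve_page($_GET);
//   if ($file === null) { http_response_code(404); exit('Page not found'); }
//   include __DIR__ . '/' . $file;
```

Only the first two samples resolve to a file; everything else is rejected before any include runs.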



